diff --git "a/NEWS" "b/NEWS" new file mode 100644--- /dev/null +++ "b/NEWS" @@ -0,0 +1,5309 @@ +NEWS file for libxml2 + +v2.15.0: Sep 15 2025 + +### Major changes + +The API documentation is now generated with Doxygen. Building the +documentation requires the new --with-docs configuration option as well +as Doxygen, xsltproc and the DocBook 4 XSLT stylesheets. + +The Python bindings are disabled by default now. Building the bindings +also requires Doxygen. + +Support for Schematron is now disabled by default. + +The parser option XML_PARSE_UNZIP is now required to read compressed data. + +HTML serialization and handling of character encodings is more in line +with the HTML5 spec now. + +More accessors for xmlParserCtxt were added. + +### Deprecations + +More internal functions and struct members were deprecated. + +### Removals + +The built-in HTTP client and support for LZMA compression were removed. + +The custom Windows build system in `win32` was removed in favor of CMake. + +### Planned removals + +The Python bindings and support for Schematron validation are planned to +be removed in the 2.16 release. + +The following features are considered for removal: + +- Modules API (xmlmodule.h) +- Support for zlib compressed file I/O + +RELAX NG support is still in a bad state and a long-term removal +candidate. + +### Thanks + +Thanks to the following contributors: + +- Alex Richardson +- Benjamin Gilbert +- Caolán McNamara +- Collin Funk +- Dag-Erling Smørgrav +- Dan Yeaw +- Daniel P. Berrangé +- Francesco Pretto +- Lovell Fuller +- Maks Verver +- Markus Rickert +- Michael Mann +- Omar Siam +- Pavel Kopylov +- Peter Kokot +- Samuel Thibault +- ThomasK + + +v2.14.6: Sep 8 2025 + +### Regressions + +- valid: Don't add ids when validating entity content +- Fix initGenericErrorDefaultFunc(NULL) (Samuel Thibault) +- valid: Undeprecate xmlAdd*Decl +- globals: Include HTMLparser.h, fixing Windows build +- io: Fix reading from pipes like stdin on Windows + +### Security + +- regexp: Avoid integer overflow and OOB array access +- tree: Guard against atype corruption + +### Improvements + +- parser: Fix xmlSaturatedAddSizeT argument type + + +v2.14.5: Jul 10 2025 + +### Regressions + +- html: Don't abort on encoding errors +- parser: Fix handling of invalid char refs in recovery mode +- xmllint: Print document even in case of XInclude errors +- xmllint: Fix --xinclude --path + +### Security + +- schematron: Fix memory safety issues in xmlSchematronReportOutput +- Schematron: Fix null pointer dereference leading to DoS (Michael Mann) +- Fix potential buffer overflows of interactive shell (Michael Mann) + +### Improvements + +- parser: Fix xmlCtxtIsStopped + +### Build systems and portability + +- schemas: Fix compilation with pre-C99 MSVC +- cmake: Add missing endif() in libxml2-config.cmake.in +- Fix CMake iconv handling after change to private dependency (Markus Rickert) + + +v2.14.4: Jun 16 2025 + +### Regressions + +- parser: Fix parsing of PublicIds and VersionNums +- parser: Fix custom SAX parsers without cdataBlock handler +- error: Fix initGenericErrorDefaultFunc compatibility macro again +- io: Make xmlOutputBufferCreate* not free encoder on error +- reader: Fix null deref on malloc failure +- Revert "meson: Install libxml2.py" + +### Security + +- tree: Fix integer overflow in xmlBuildQName + +### Improvements + +- parser: Use parser context as default in resource loader +- parser: Only validate EnumerationTypes when requested +- parser: Undeprecate some parser context members + +### Build systems + +- cmake: Avoid overlinking with non-CMake libxml2-config.cmake +- cmake: Make iconv a private dependency + + +v2.14.3: May 13 2025 + +### Regressions + +- reader: Fix reading compressed data +- parser: Make undeclared entities in XML content fatal +- save: Fix XML escape table +- save: Fix xmlSave with NULL encoding +- Revert "valid: Remove duplicate error messages when streaming" + +### Bug fixes + +- save: Fix serialization of attribute defaults containing < +- io: Fix linkage of __xml*BufferCreateFilename functions + +### Build systems + +- cmake: Fix installation directories in libxml2-config.cmake +- meson: Install libxml2.py + +### Improvements + +- parser: Make xmlCtxtGetValidCtxt depend on VALID_ENABLED +- html: Avoid HTML_PARSE_HTML5 clashing with XML_PARSE_NOENT + + +v2.14.2: Apr 17 2025 + +### Security + +- [CVE-2025-32415] schemas: Fix heap buffer overflow in + xmlSchemaIDCFillNodeTables +- [CVE-2025-32414] python: Read at most len/4 characters. (Maks Verver) + +### Build + +- error: Fix initGenericErrorDefaultFunc compatibility macro +- meson: don't link with pthreads on Windows (Benjamin Gilbert) +- cmake, meson: Align Darwin version info with Autotools +- globals: Fix --with-thread-alloc build +- meson: ensure relaxng option supports minimum option (Lovell Fuller) + + +v2.14.1: Apr 3 2025 + +### Regressions + +- parser: Fix XML_PARSE_NOBLANKS dropping non-whitespace text + +### Build systems + +- win32-legacy: Fix build (ThomasK) +- meson: Fix build from tarball +- cmake, meson: Change library filename to libxml2.so.16.0.0 + + +v2.14.0: Mar 27 2025 + +### Major changes + +The HTML tokenizer now conforms fully to HTML5. Several non-standard +syntax warnings were removed. Note that HTML5 tree construction isn't +implemented yet. + +Binary compatibility is restricted to versions 2.14 or newer. On ELF +systems, the soname was bumped from libxml2.so.2 to libxml2.so.16. + +The serialization API will now take user-provided or default encodings +into account when serializing attribute values, matching the +serialization of text and avoiding unnecessary escaping. + +The XML parser won't try to merge consecutive CDATA sections as before +to align with web standards. Each CDATA section will create exactly one +node or SAX callback. + +Support for RELAX NG can now be disabled with a new configuration +option independently of XML Schemas support. It is still enabled by +default. + +The "legacy" configuration option won't enable support for HTTP and +LZMA anymore. These features will be removed in the next release. + +Parts of the xmllint executable were refactored, allowing the +combination of more options. OOM errors should be reported reliably now. + +Several improvements were made to the build systems. Meson is fully +supported now. + +Parts of the buffering code were reworked and simplified. + +Overflow checks before reallocations were hardenend. + +Some unprefixed symbols were renamed to avoid namespace pollution. + +### New features + +Input callbacks can now be set on a parser context and an improved API +to create parser input is available. The following new functions, +taking a parser input object, were added: + +- xmlCtxtParseDocument +- xmlCtxtParseContent as replacement for xmlParseBalancedChunkMemory + and xmlParseInNodeContext +- xmlCtxtParseDtd + +The xmlSave API now has additional options to replace global settings. + +Parser options XML_PARSE_UNZIP, XML_PARSE_NO_SYS_CATALOG and +XML_PARSE_CATALOG_PI were added. + +An API function to install a custom character encoding converter is +now available. This makes it possible to use ICU for encoding conversion +even if libxml2 was compiled without ICU support, see example/icu.c. + +### Deprecations + +Access to many public struct members is now deprecated. Several accessor +functions were added to use instead. + +More internal functions were deprecated. + +### Removals + +Metadata about the HTML4 content model was removed from the htmlElemDesc +struct and related functions were deprecated. + +The FTP module and related functions were removed. + +Support for the range and point extensions of the xpointer() scheme +was removed. The rest of the XPointer implementation isn't affected. +The xpointer() scheme now behaves like the xpath1() scheme. + +Several legacy symbols and the functions in xmlunicode.h were removed. + +ELF version information was removed. + +The shell was moved from libxml2 to xmllint. Several related functions +are no longer available. + +The libxml.m4 file containing autoconf macros was removed. + +The --with-tree configuration option was removed. + +The hack to detect single-threaded programs under glibc was removed. + +### Planned removals + +Support for HTTP and LZMA compression is planned to be removed in the +2.15 release. + +The following features are considered for removal: + +- Modules API (xmlmodule.h) +- Schematron support +- Support for zlib compressed file I/O +- Legacy Windows build system in win32 + +RELAX NG support is still in a bad state and a long-term removal +candidate. + +### Thanks + +Thanks to the following contributors: + +- Andrew Potter +- Benjamin Gilbert +- Chun-wei Fan +- correctmost +- Daniel Cheng +- Daniel E +- Florin Haja +- Grzegorz Szymaszek +- Heiko Becker +- Himanshibansal +- Jan Alexander Steffens (heftig) +- Kjell Ahlstedt +- makise-homura +- Markus Rickert +- Mike Dalessio +- Miklos Vajna +- Rosen Penev +- Ruslan Garipov +- Ryan Carsten Schmidt +- Saleem Abdulrasool +- Sam James +- Satadru Pramanik +- Taylor R Campbell +- triallax +- Yegor Yefremov +- Zak Ridouh + + +v2.13.7: Mar 27 2025 + +### Regressions + +- tree: Fix xmlTextMerge with NULL args +- io: Fix `compressed` flag for uncompressed stdin +- parser: Fix parsing of DTD content + + +v2.13.6: Feb 18 2025 + +### Security + +- [CVE-2025-24928] Fix stack-buffer-overflow in xmlSnprintfElements +- [CVE-2024-56171] Fix use-after-free after xmlSchemaItemListAdd +- pattern: Fix compilation of explicit child axis + +### Regressions + +- xmllint: Support compressed input from stdin +- uri: Fix handling of Windows drive letters +- reader: Fix return value of xmlTextReaderReadString again +- SAX2: Fix xmlSAX2ResolveEntity if systemId is NULL + +### Portability + +- dict: Handle ENOSYS from getentropy gracefully +- Fix compilation with uclibc (Dario Binacchi) +- python: Declare init func with PyMODINIT_FUNC +- tests: Fix sanitizer version check on old Apple clang +- cmake: Work around broken sys/random.h in old macOS SDKs + +### Build + +- autotools: Set AC_CONFIG_AUX_DIR +- cmake: Always build Python module as shared library +- cmake: add missing `Bcrypt` link on Windows (Saleem Abdulrasool) +- cmake: Fix compatibility in package version file + + +v2.13.5: Nov 12 2024 + +### Regressions + +- xmlIO: Fix reading from non-regular files like pipes +- xmlreader: Fix return value of xmlTextReaderReadString +- parser: Fix loading of parameter entities in external DTDs +- parser: Fix downstream code that swaps DTDs +- parser: Fix detection of duplicate attributes +- string: Fix va_copy fallback + +### Bug fixes + +- xpath: Fix parsing of non-ASCII names + + +v2.13.4: Sep 18 2024 + +### Regressions + +- parser: Make unsupported encodings an error in declarations +- io: don't set the executable bit when creating files (triallax) +- xmlcatalog: Improved fix for #699 +- Revert "catalog: Fetch XML catalog before dumping" +- io: Add missing calls to xmlInitParser +- tree: Restore return value of xmlNodeListGetString with NULL list +- parser: Fix error handling after reaching limit +- parser: Make xmlParseChunk return an error if parser was stopped + +### Bug fixes + +- python: Fix SAX driver with character streams + +### Improvements + +- xpath: Make recursion check work with xmlXPathCompile +- parser: Report at least one fatal error + +### Portability + +- include: Check whether _MSC_VER is defined + + +v2.13.3: Jul 24 2024 + +### Security + +- [CVE-2024-40896] Fix XXE protection in downstream code + +### Regressions + +- autotools: Use AC_CHECK_DECL to check for getentropy +- xinclude: Fix fallback for text includes +- io: Don't call getcwd in xmlParserGetDirectory +- io: Fix return value of xmlFileRead +- parser: Fix error return of xmlParseBalancedChunkMemory + +### Improvements + +- xinclude: Set error handler when parsing text +- Undeprecate xmlKeepBlanksDefault + + +v2.13.2: Jul 4 2024 + +### Regressions + +- tree: Fix handling of empty strings in xmlNodeParseContent +- valid: Restore ID lookup +- parser: Reenable ctxt->directory +- uri: Handle filesystem paths in xmlBuildRelativeURISafe +- encoding: Make xmlFindCharEncodingHandler return UTF-8 handler +- encoding: Fix encoding lookup with xmlOpenCharEncodingHandler +- include: Define ATTRIBUTE_UNUSED for clang +- uri: Fix xmlBuildURI with NULL base + +### Improvements + +- uri: Enable Windows paths on Cygwin +- tests: Clarify licence of test/intsubset2.xml + + +v2.13.1: Jun 19 2024 + +### Regressions + +- parser: Selectively reenable reading from "-" +- reader: Fix xmlTextReaderReadString +- xinclude: Set XPath context doc +- xinclude: Load included documents with XML_PARSE_DTDLOAD +- include: Don't redefine ATTRIBUTE_UNUSED +- include: Readd circular dependency between tree.h and parser.h +- xinclude: Add missing include (Jan Alexander Steffens (heftig)) +- win32, msvc: fix missing linking against Bcrypt.lib (Miklos Vajna) +- xinclude: Don't raise error on empty nodeset +- parser: Make failure to load main document a warning +- tree: Fix freeing entities via xmlFreeNode +- parser: Pass global object to sax->setDocumentLocator + +### Improvements + +- io: Fix resetting xmlParserInputBufferCreateFilename hook + +### Documentation + +- Fix typo in NEWS (--with-html -> --with-http) (Ryan Carsten Schmidt) +- doc: Don't mention xmlNewInputURL + + +v2.13.0: Jun 12 2024 + +### Major changes + +Most of the core code should now report malloc failures reliably. Some +API functions were extended with versions that report malloc failures. + +New API functions for error handling were added: + +- xmlCtxtSetErrorHandler +- xmlXPathSetErrorHandler +- xmlXIncludeSetErrorHandler + +This makes it possible to register per-context error handlers without +resorting to global handlers. + +A few error messages were improved and consolidated. Please update +downstream test suites accordingly. + +A new parser option XML_PARSE_NO_XXE can be used to disable loading +of external entities or DTDs. This is most useful in connection with +XML_PARSE_NOENT. + +Support for HTTP POST was removed. + +Support for zlib, liblzma and HTTP is now disabled by default and has +to be enabled by passing --with-zlib, --with-lzma or --with-http to +configure. In legacy mode (--with-legacy) these options are enabled +by default as before. + +Support for FTP will be removed in the next release. + +Support for the range and point extensions of the xpointer() scheme +will be removed in the next release. The rest of the XPointer +implementation won't be affected. The xpointer() scheme will behave +like the xpath1() scheme. + +Several more legacy symbols were deprecated. Users of the old "SAX1" +API functions are encouraged to upgrade to the new "SAX2" API, +available since version 2.6.0 from 2003. + +Some deprecated global variables were made const: + +- htmlDefaultSAXHandler +- oldXMLWDcompatibility +- xmlDefaultSAXHandler +- xmlDefaultSAXLocator +- xmlParserDebugEntities + +### Deprecations and removals + +- threads: Deprecate remaining ThrDef functions +- unicode: Deprecate most xmlUCSIs* functions +- memory: Remove memory debugging +- tree: Deprecate xmlRegisterNodeDefault +- tree: Deprecate xmlSetCompressMode +- html: Deprecate htmlHandleOmittedElem +- valid: Deprecate internal validation functions +- valid: Deprecate old DTD serialization API +- nanohttp: Deprecate public API +- Remove VMS support +- Remove Trio + +### Bug fixes + +- parser: Fix base URI of internal parameter entities +- tree: Handle predefined entities in xmlBufGetEntityRefContent +- schemas: Allow unlimited length decimals, integers etc. (Tomáš Ženčák) +- reader: Fix preservation of attributes +- parser: Always decode entities in namespace URIs +- relaxng: Fix tree corruption in xmlRelaxNGParseNameClass (Seiya Nakata) +- schemas: Fix ADD_ANNOTATION +- tree: Fix tree iteration in xmlDOMWrapRemoveNode +- tree: Declare namespace on clone in xmlDOMWrapCloneNode +- tree: Fix xmlAddSibling with last sibling +- tree: Fix xmlDocSetRootElement with multiple top-level elements +- catalog: Fetch XML catalog before dumping +- html: Don't close fd in htmlCtxtReadFd + +### Improvements + +- parser: Fix "Truncated multi-byte sequence" error +- Add missing _cplusplus processing clause (Sadaf Ebrahimi) +- parser: Rework handling of undeclared entities +- SAX2: Warn if URI resolution failed +- parser: Don't report error on invalid URI +- xmllint: Clean up option handling +- xmllint: Rework parsing +- parser: Don't create undeclared entity refs in substitution mode +- Make some globals const +- reader: Make xmlTextReaderReadString non-recursive +- reader: Rework xmlTextReaderRead{Inner,Outer}Xml +- Remove redundant size check (Niels Dossche) +- Remove redundant NULL check on cur (Niels Dossche) +- Remove always-false check old == cur (Niels Dossche) +- Remove redundant NULL check on cur (Niels Dossche) +- tree: Don't return empty localname in xmlSplitQName{2,3} +- xinclude: Don't try to fix base of non-elements +- tree: Don't coalesce text nodes in xmlAdd{Prev,Next}Sibling +- SAX2: Optimize appending children +- tree: Align xmlAddChild with other node insertion functions +- html: Use binary search in htmlEntityValueLookup +- io: Allocate output buffer with XML_BUFFER_ALLOC_IO +- encoding: Don't shrink input too early in xmlCharEncOutput +- tree: Tighten source doc check in xmlDOMWrapAdoptNode +- tree: Check destParent->doc in xmlDOMWrapCloneNode +- tree: Refactor text node updates +- tree: Refactor node insertion +- tree: Refactor element creation and parsing of attribute values +- tree: Simplify xmlNodeGetContent, xmlBufGetNodeContent +- buf: Don't use default buffer size for small strings +- string: Fix xmlStrncatNew(NULL, "") +- entities: Don't allow null name in xmlNewEntity +- html: Fix quadratic behavior in htmlNodeDump +- tree: Rewrite xmlSetTreeDoc +- valid: Rework xmlAddID +- tree: Remove unused node types +- tree: Make namespace comparison more consistent +- tree: Don't allow NULL name in xmlSetNsProp +- tree: Rework xmlNodeListGetString +- tree: Rework xmlTextMerge +- tree: Rework xmlNodeSetName +- tree: Simplify xmlAddChild with text parent +- tree: Disallow setting content of entity reference nodes +- tree: Rework xmlReconciliateNs +- schemas: fix spurious warning about truncated snprintf output + (Benjamin Gilbert) +- xmlschemastypes: Remove unreachable if statement (Maks Mishin) +- relaxng: Remove useless if statement (Maks Mishin) +- tree: Check for integer overflow in xmlStringGetNodeList +- http: Improve error message for HTTPS redirects +- catalog: Remove Windows hack +- save: Move DTD serialization code to xmlsave.c +- parser: Report fatal error if document entity couldn't be loaded +- xpath: Fix return of empty node-set in xmlXPathNodeCollectAndTest +- SAX2: Limit entity URI length to 2000 bytes +- parser: Account for full size of non-well-formed entities +- parser: Pop inputs if parsing DTD failed +- parser: Fix quadratic behavior when copying entities +- writer: Implement xmlTextWriterClose +- parser: Avoid duplicate namespace errors +- parser: Add XML_PARSE_NO_XXE parser option +- parser: Make xmlParseContent more useful +- error: Make xmlFormatError public +- encoding: Check whether encoding handlers support input/output +- SAX2: Enforce size limit in xmlSAX2Text with XML_PARSE_HUGE +- parser: Lower maximum entity nesting depth +- parser: Set depth limit to 2048 with XML_PARSE_HUGE +- parser: Implement xmlCtxtSetOptions +- parser: Always prefer option members over bitmask +- parser: Don't modify SAX2 handler if XML_PARSE_SAX1 is set +- parser: Rework parsing of attribute and entity values +- save: Output U+FFFD replacement characters +- parser: Simplify entity size accounting +- parser: Avoid unwanted expansion of parameter entities +- parser: Always copy content from entity to target +- parser: Simplify control flow in xmlParseReference +- parser: Remove xmlSetEntityReferenceFunc feature +- parser: Push general entity input streams on the stack +- parser: Move progressive flag into input struct +- parser: Fix in-parameter-entity and in-external-dtd checks +- xpath: Rewrite substring-before and substring-after +- xinclude: Only set xml:base if necessary +- xinclude: Allow empty nodesets +- parser: Rework general entity parsing +- io: Fix close error handling +- io: Fix read/write error handling +- io: More refactoring and unescaping fixes +- io: Move some code from xmlIO.c to parserInternals.c +- uri: Clean up special parsing modes +- xinclude: Rework xml:base fixup +- parser: Also set document properties when push parsing +- include: Move non-generated parts from xmlversion.h.in +- io: Remove support for HTTP POST +- dict: Move local RNG state to global state +- dict: Get random seed from system PRNG +- io: Don't use "-" to read from stdin +- io: Rework initialization +- io: Consolidate error messages +- xzlib: Fix harmless unsigned integer overflow +- io: Always use unbuffered input +- io: Fix detection of compressed streams +- io: Pass error codes from xmlFileOpenReal to xmlNewInputFromFile +- io: Rework default callbacks +- error: Stop printing some errors by default +- xpath: Don't free nodes of XSLT result value trees +- valid: Fix handling of enumerations +- parser: Allow recovery in xmlParseInNodeContext +- encoding: Support ASCII in xmlLookupCharEncodingHandler +- include: Remove useless 'const' from function arguments +- Avoid EDG -Wignored-qualifiers warnings on wrong 'const *' to '* const' + conversions (makise-homura) +- Avoid EDG deprecation warnings for LCC compiler (makise-homura) +- Avoid EDG -Woverflow warnings on truncating conversions by manually + truncating operand (makise-homura) +- Avoid EDG -Wtype-limits warnings on unsigned comparisons with zero by + conversion from unsigned int to int (makise-homura) +- Avoid using no_sanitize attribute on EDG even if compiler shows as GCC + (makise-homura) + +### Build systems + +- meson: convert boolean options to feature option (Rosen Penev) +- meson: Pass LIBXML_STATIC in dependency (Andrew Potter) +- meson: fix compilation with local binaries (Rosen Penev) +- meson: don't use dl dependency on old meson (Rosen Penev) +- meson: fix usage as a subproject (Rosen Penev) +- autotools: Fix pthread detection on FreeBSD +- build: Remove --with-fexceptions configuration option +- autotools: Remove --with-coverage configuration option +- build: Disable HTTP support by default +- Stop defining _REENTRANT +- doc: Don't install example code +- meson: Initial commit (Vincent Torri) +- build: Disable support for compression libraries by default +- Set LIBXML2_FOUND if it has been properly configured (Michele Bianchi) +- Makefile.am: omit $(top_builddir) from DEPS and LDADDS (Mike Dalessio) + +### Test suite + +- runtest: Work around broken EUC-JP support in musl iconv +- runtest: Check for IBM-1141 encoding handler +- fuzz: Add xmllint fuzzer +- fuzz: Add fuzzer for XML reader API +- fuzz: New tree API fuzzer +- tests: Remove testOOM +- Don't let gentest.py cast types to 'const somethingPtr' to avoid + -Wignored-qualifiers (makise-homura) + + +v2.12.8: Jun 12 2024 + +### Regressions + +- parser: Fix performance regression when parsing namespaces + + +v2.12.7: May 13 2024 + +### Security + +- [CVE-2024-34459] Fix buffer overread with `xmllint --htmlout` + +### Regressions + +- xmllint: Fix --pedantic option +- save: Handle invalid parent pointers in xhtmlNodeDumpOutput + + +v2.12.6: Mar 15 2024 + +### Regressions + +- parser: Fix detection of duplicate attributes in XML namespace +- xmlreader: Fix xmlTextReaderConstEncoding +- html: Fix htmlCreatePushParserCtxt with encoding +- xmllint: Return error code if XPath returns empty nodeset + + +v2.12.5: Feb 4 2024 + +### Security + +- [CVE-2024-25062] xmlreader: Don't expand XIncludes when backtracking + +### Regressions + +- parser: Fix crash in xmlParseInNodeContext with HTML documents + + +v2.12.4: Jan 15 2024 + +### Regressions + +- parser: Fix regression parsing standalone declarations +- autotools: Readd --with-xptr-locs configuration option +- parser: Fix build --without-output +- parser: Don't grow or shrink pull parser memory buffers +- io: Fix memory lifetime issue with input buffers + + +v2.12.3: Dec 12 2023 + +### Regressions + +- parser: Fix namespaces redefined from default attributes + +### Build fixes + +- include: Rename XML_EMPTY helper macro +- include: Move declaration of xmlInitGlobals +- include: Add missing includes +- include: Move globals from xmlsave.h to parser.h +- include: Readd circular dependency between tree.h and parser.h + + +v2.12.2: Dec 5 2023 + +### Regressions + +- parser: Fix invalid free in xmlParseBalancedChunkMemoryRecover +- globals: Disable TLS in static Windows builds +- html: Reenable buggy detection of XML declarations +- tree: Fix regression when copying DTDs +- parser: Make CRLF increment line number + +### Build fixes + +- build: Disable compiler TLS by default +- cmake: Update config.h.cmake.in +- tests: Fix tests --with-valid --without-xinclude + + +v2.12.1: Nov 23 2023 + +### Regressions + +- hash: Fix deletion of entries during scan +- parser: Only enable SAX2 if there are SAX2 element handlers + +### Build fixes + +- autotools: Stop checking for snprintf +- dict: Fix '__thread' before 'static' +- fix: pthread weak references in globals.c (Mike Dalessio) +- tests: Fix build with older MSVC + + +v2.12.0: Nov 16 2023 + +### Major changes + +Most of the known issues leading to quadratic behavior in the XML parser +were fixed. Internal hash tables were rewritten to reduce memory +consumption. + +Starting with this release, it should be enough to add the --with-legacy +configuration option to provide maximum ABI compatibility. For example, +if a code module was removed from the default configuration, the option +will add stubs for the removed symbols. + +libxml2 will now store global variables in thread-local storage if supported +by the compiler. This avoids allocating the data lazily which can result in +a fatal error condition. A new API function xmlCheckThreadLocalStorage +was added so the allocation can be checked earlier if compiler TLS is not +supported. To prepare for future improvements, some API functions now expect +or return a const xmlError struct. + +Several cyclic dependencies in public header files were fixed. As a result, +certain headers won't include other headers as before. + +Refactoring of the encoding code has been mostly completed. Calling +xmlSwitchEncoding from client code is now fully supported, for example to +override the encoding for the push parser. + +When parsing data from memory, libxml2 will now stream data chunk by chunk +instead of copying the whole buffer (possibly twice with encodings), +reducing peak memory consumption considerably. + +A new API function xmlCtxtSetMaxAmplification was added to allow parsing +of files that would otherwise trigger the billion laughs protection. + +Several bugs in the regex determinism checks were fixed. Invalid XML +Schemas which previous versions erroneously accepted will now be +rejected. + +### Deprecations + +- globals: Deprecate xmlLastError +- parser: Deprecate global parser options +- win32: Deprecate old Windows build system + +### Bug fixes + +- parser: Stop switching to ISO-8859-1 on encoding errors +- parser: Support encoded external PEs in entity values +- string: Fix UTF-8 validation in xmlGetUTF8Char +- SAX2: Allow multiple top-level elements +- parser: Update line number after coalescing text nodes +- parser: Check for truncated multi-byte sequences + +### Improvements + +- error: Make more xmlError structs constant +- parser: Remove redundant IS_CHAR check in xmlCurrentChar +- parser: Fix stack handling in xmlParseTryOrFinish +- parser: Protect against quadratic default attribute expansion +- parser: Missing checks for disableSAX +- entities: Make xmlFreeEntity public +- examples: Don't use sprintf +- encoding: Suppress -Wcast-align warnings +- parser: Use hash tables to avoid quadratic behavior +- parser: Don't skip CR in xmlCurrentChar +- dict: Rewrite dictionary hash table code +- hash: Rewrite hash table code +- malloc-fail: Report malloc failure in xmlFARegExec +- malloc-fail: Report malloc failure in xmlRegEpxFromParse +- parser: Simplify xmlStringCurrentChar +- regexp: Fix status codes and handle invalid UTF-8 +- error: Make xmlGetLastError return a const error +- html: Fix logic in htmlAutoClose +- globals: Move globals back to correct header files +- globals: Use thread-local storage if available +- globals: Rework global state destruction on Windows +- globals: Define globals using macros +- globals: Introduce xmlCheckThreadLocalStorage +- globals: Make xmlGlobalState private +- threads: Move library initialization code to threads.c +- debug: Remove debugging code +- globals: Move code from threads.c to globals.c +- parser: Avoid undefined behavior in xmlParseStartTag2 +- schemas: Fix memory leak of annotations in notations +- dict: Update hash function +- dict: Use thread-local storage for PRNG state +- dict: Use xoroshiro64** as PRNG +- xmllint: Fix error messages +- parser: Fix detection of null bytes +- parser: Improve error handling in push parser +- parser: Don't check inputNr in xmlParseTryOrFinish +- parser: Remove push parser debugging code +- tree: Fix copying of DTDs +- legacy: Add stubs for disabled modules +- parser: Allow to set maximum amplification factor +- entities: Don't change doc when encoding entities +- parser: Never use UTF-8 encoding handler +- encoding: Remove debugging code +- malloc-fail: Fix unsigned integer overflow in xmlTextReaderPushData +- html: Remove encoding hack in htmlCreateFileParserCtxt +- parser: Decode all data in xmlCharEncInput +- parser: Stream data when reading from memory +- parser: Optimize xmlLoadEntityContent +- parser: Don't overwrite EOF parser state +- parser: Simplify input pointer updates +- parser: Don't reinitialize parser input members +- encoding: Move rawconsumed accounting to xmlCharEncInput +- parser: Rework encoding detection +- parser: Always create UTF-8 in xmlParseReference +- html: Remove some debugging code in htmlParseTryOrFinish +- malloc-fail: Fix memory leak in xmlCompileAttributeTest +- parser: Recover more input from encoding errors +- malloc-fail: Handle malloc failures in xmlAddEncodingAlias +- malloc-fail: Fix null-deref with xmllint --copy +- xpath: Ignore entity ref nodes when computing node hash +- malloc-fail: Fix null deref after xmlXIncludeNewRef +- SAX: Always validate xml:ids +- Stop using sprintf +- Fix compiler warning on GCC < 8 +- regexp: Fix determinism checks +- regexp: Fix checks for eliminated transitions +- regexp: Simplify xmlFAReduceEpsilonTransitions +- regexp: Fix cycle check in xmlFAReduceEpsilonTransitions +- schemas: Fix filename in xmlSchemaValidateFile +- schemas: Fix line numbers in streaming validation +- writer: Add error check in xmlTextWriterEndDocument +- encoding: Stop calling xmlEncodingErr +- xmlIO: Remove some calls to xmlIOErr +- parser: Improve handling of encoding and IO errors +- parser: Move xmlFatalErr to parserInternals.c +- encoding: Rework error codes +- .gitignore: Split up and rearrange .gitignore files +- .gitignore: Add runsuite.log +- Stop calling xmlMemoryDump +- examples: Don't call xmlCleanupParser and xmlMemoryDump +- xpath: Remove remaining references to valueFrame + +### Portability + +- python: Make it compatible with python3.12 (Daniel Garcia Moreno) + +### Build systems + +- cmake: Check whether static linking dependencies found in config files + (James Le Cuirot) +- autotools: Make --with-minimum disable lzma support +- build: Remove some GCC warnings +- Handle NOCONFIG case when setting locations from CMake target properties + (Markus Rickert) +- cmake: Generate better pkg-config file for SYSROOT builds under CMake + (James Le Cuirot) +- autoconf: Include non-pkg-config dependency flags in the pkg-config file + (James Le Cuirot) +- autoconf: Don't bake build time CFLAGS into pkg-config file (James Le Cuirot) +- build: Generate better pkg-config files for static-only builds (James + Le Cuirot) +- build: Generate better pkg-config file for SYSROOT builds (James Le Cuirot) +- autoconf: Allow custom --with-icu configure option + +### Tests + +- tests: Also test xmlNextChar in testchar.c +- tests: Start with testparser.c for extra tests +- fuzz: Raise rss_limit_mb +- fuzz: Test xmlTextReaderRead after EOF or failure +- fuzz: Test XML_PARSE_XINCLUDE | XML_PARSE_VALID +- tests: Handle entities in SAX tests +- fuzz: Disable XML_PARSE_SAX1 option in xml fuzzer +- tests: Add more tests for redefined attributes +- hash: Add hash table tests +- tests: Add ATTRIBUTE_NO_SANITIZE_INTEGER macro +- fuzz: Allow to fuzz without push, reader or output modules +- gitlab-ci: Add a "medium" config build +- python: Fix tests on MinGW +- test: Add push parser test with overridden encoding +- testapi: test_xmlSAXDefaultVersion() leaves xmlSAX2DefaultVersionValue set + to 1 with LIBXML_SAX1_ENABLED (David Kilzer) +- gitlab-ci: Lower _XOPEN_SOURCE value +- testapi: Don't set http_proxy environment variable +- test: Add push parser tests for split UTF-8 sequences +- xinclude: Lower initial table size when fuzzing +- tests: Test streaming schema validation +- runtest: Skip element name in schema error messages + +### Documentation + +- doc: Add notes about runtest to MAINTAINERS.md +- doc: Don't document internal macros in xmlversion.h +- doc: Allow 'unsigned' without 'int' +- doc: Improve documentation of configuration options + + +v2.11.6: Nov 16 2023 + +### Regressions + +- threads: Fix --with-thread-alloc +- xinclude: Fix 'last' pointer in xmlXIncludeCopyNode + +### Bug fixes + +- parser: Fix potential use-after-free in xmlParseCharDataInternal + + +v2.11.5: Aug 9 2023 + +### Regressions + +- parser: Make xmlSwitchEncoding always skip the BOM +- autotools: Improve iconv check + +### Bug fixes + +- valid: Fix c1->parent pointer in xmlCopyDocElementContent +- encoding: Always call ucnv_convertEx with flush set to false + +### Portability + +- autotools: fix Python module file ext for cygwin/msys2 (Christoph Reiter) + +### Tests + +- runtest: Fix compilation without LIBXML_HTML_ENABLED + + +v2.11.4: May 18 2023 + +Fixes a serious regression. + +- parser: Fix regression when push parsing UTF-8 sequences + + +v2.11.3: May 11 2023 + +Fixes more regressions. + +- xinclude: Fix false positives in inclusion loop detection +- autotools: Fix ICU detection +- parser: Fix "huge input lookup" error with push parser +- xpath: Fix build without LIBXML_XPATH_ENABLED +- hash: Fix possible startup crash with old libxslt versions +- autoconf: fix iconv library paths (Mike Dalessio) + + +v2.11.2: May 5 2023 + +Fix regressions. + +- threads: Fix startup crash with weak symbol hack +- win32: Don't depend on removed .def file +- schemas: Fix memory leak in xmlSchemaValidateStream + + +v2.11.1: Apr 30 2023 + +Fixes build and ABI issues. + +- cmake: Fix va_copy detection (Luca Niccoli) +- libxml.m4: Fix quoting +- Link with --undefined-version +- libxml2.syms: Revert removal of version information + + +v2.11.0: Apr 28 2023 + +### Major changes + +Protection against entity expansion attacks, also known as "billion laughs" +has been greatly improved. Malicious files should be detected reliably now +and false positives should be reduced. It is possible though that large +documents which make heavy use of entities are rejected now. + +This release finally fixes symbol visibility on UNIX systems. Internal +symbols will now be hidden. While these symbols were never declared in public +headers, it was still possible to declare them manually. Now this won't work. + +All symbol information has been removed from the ELF version script to fix +link errors with --no-undefined-version. The version nodes are kept so it +should still be possible to run binaries linked against older versions. + +About 90 memory errors in code paths handling malloc failures have been fixed. +While these issues shouldn't impact security, this improves robustness under +memory pressure. + +The XInclude engine has been reworked to properly support nested includes. + +Several cases of quadratic behavior in the XML push parser have been fixed. + +Refactoring has begun on some buffering and encoding code with the goal of +simplifying this part of the code base and improving error reporting. + +Other highlights: + +- Consolidated private header files. +- Major rework of the autoconf build. +- Deprecated several outdated and internal functions. + +Special thanks to Google's Open Source Security Subsidies program for +sponsoring much of the work on this release! + +Ongoing work on libxml2 relies on funding. For a list of important open +issues see + +### Security + +- Fix use-after-free in xmlParseContentInternal() (David Kilzer) +- xmllint: Fix use-after-free with --maxmem +- parser: Fix OOB read when formatting error message +- entities: Rework entity amplification checks + +### Regressions + +- parser: Fix regression in xmlParserNodeInfo accounting + +### Bug fixes + +- Fix memory errors in code handling malloc failures +- encoding: Fix error code in asciiToUTF8 +- xpath: number('-') should return NaN +- xmlParseStartTag2() contains typo when checking for default definitions for + an attribute in a namespace (David Kilzer) +- uri: Fix handling of port numbers +- error: Make sure that error messages are valid UTF-8 +- xinclude: Fix nested includes + +### Improvements + +- xmllint: Validate --maxmem integer option +- xmlValidatePopElement() can return invalid value (-1) (David Kilzer) +- parser: Rework EBCDIC code page detection +- parser: Limit name length in xmlParseEncName +- parser: Rework shrinking of input buffers +- html: Rely on CUR_CHAR to grow the input buffer +- parser: Rely on CUR_CHAR/NEXT to grow the input buffer +- valid: Make xmlValidateElement non-recursive +- html: Fix quadratic behavior in htmlParseTryOrFinish +- xmllint: Fix memory leak with --pattern --stream +- parser: Stop calling xmlParserInputShrink +- html: Impose some length limits +- valid: Allow xmlFreeValidCtxt(NULL) +- parser: Stop calling xmlParserInputGrow +- xinclude: Fix quadratic behavior in xmlXIncludeLoadTxt +- xinclude: Abort immediately if max depth was exceeded +- xpath: Only report the first error +- error: Don't move past current position +- error: Limit number of parser errors +- parser: Lower entity nesting limit with XML_PARSE_HUGE +- parser: Don't increase depth twice when parsing internal entities +- parser: Improve detection of entity loops +- parser: Only report a single entity error +- libxml.h: Remove dubious definition of LIBXML_STATIC +- html: Improve parsing of nested lists +- memory: Don't use locks in xmlMemUsed +- encoding: Remove unused variable xmlDefaultCharEncodingHandler +- Rework initialization code +- Add .editorconfig +- parser: Merge misc, prolog and epilog cases in push parser +- parser: Fix 'consumed' accounting when switching encodings +- html: Fix check for end of comment in push parser +- parser: Fix push parser with 1-3 byte initial chunk +- parser: Rewrite push parser boundary checks +- reader: Switch to xmlParserInputBufferCreateMem +- html: Don't escape ASCII chars in href attributes +- io: Don't shrink memory input buffers +- parser: Don't call xmlSHRINK from push parser +- parser: Ignore cdata argument in xmlParseCharData +- parser: Rework push parser parser progress checks +- io: Fix a few integer overflows in I/O statistics +- io: Rework xmlParserInputBufferGrow with encodings +- io: Remove xmlInputReadCallbackNop +- io: Check for memory buffer early in xmlParserInputGrow +- parser: Fix error message in xmlParseCommentComplex +- Bypass proxy in nanoHTTP for hosts in "no_proxy" (Markus Jörg) +- schemas: Fix infinite loop in xmlSchemaCheckElemSubstGroup +- threads: Remove check for pthread_equal +- xinclude: Rework XInclude cache +- xinclude: Remove inefficient refcounting scheme +- xmllint: Improve handling of empty XPath node sets +- parser: Fix potential memory leak in xmlParseAttValueInternal +- error: Don't use initGenericErrorDefaultFunc +- xpath: Lower XPath recursion limit on Windows +- Stop including sys/types.h +- Don't define WIN32 macro +- Make xmlNewSAXParserCtx take a const sax handler +- Consolidate private header files +- Remove internal macros from parserInternals.h +- Move some HTML functions to correct header file +- xmllint: Stop calling xmlSAXDefaultVersion +- Introduce xmlNewSAXParserCtxt and htmlNewSAXParserCtxt +- Don't mess with parser options in htmlParseDocument +- Remove useless call to htmlDefaultSAXHandlerInit +- Remove htmlDefaultSAXHandler from non-SAX1 build +- Don't initialize SAX handler in htmlReadMemory +- Fix htmlReadMemory mixing up XML and HTML functions +- Don't use default SAX handler to report unrelated errors +- Create stream with buffer in xmlNewStringInputStream +- xmlcatalog: Fix memory leaks + +### Code quality + +- xzlib: Fix implicit sign change in xz_open +- parser: Simplify calculation of available buffer space +- parser: Use size_t when subtracting input buffer pointers +- parser: Check for integer overflow when updating checkIndex +- xpath: Fix harmless integer overflow in xmlXPathTranslateFunction +- schematron: Use logical and +- relaxng: Remove useless if statement +- schemas: Remove useless if statement +- pattern: Merge identical branches +- regexp: Add sanity check in xmlRegCalloc2 +- regexp: Simplify xmlRegAtomPush +- encoding: Cast toupper argument to unsigned char +- uri: Add explicit cast in xmlSaveUri +- buf: Fix return value of xmlBufGetInputBase +- parser: Fix integer overflow of input ID +- parser: Remove useless ent->etype test in xmlParseReference +- parser: Remove useless ent->children tests in xmlParseReference +- xmlmemory.c: Remove xmlMemContentShow +- libxml.h: Add comments and indentation +- libxml.h: Don't include stdio.h +- xmlexports.h: Disable docs for internal macro XMLPUBLIC +- parser: Simplify xmlParseConditionalSections +- io: Rearrange code in xmlSwitchInputEncodingInt +- warnings: Fix -Wstrict-prototypes warning +- warnings: Remove set-but-unused variables +- Fix compiler warnings in SAX2.c +- Fix unused variable warning in python/types.c +- Fix compiler warning in examples +- Fix compiler warnings in fuzzing code +- Remove unused code in nanohttp.c +- Remove or annotate char casts +- Don't use sizeof(xmlChar) or sizeof(char) +- Remove explicit integer casts + +### Deprecations + +- parser: Deprecate more internal functions +- parser: Deprecate some parser input functions +- parser: Deprecate xmlString*DecodeEntities +- threads: Deprecate some internal functions +- buf: Deprecate static/immutable buffers +- Deprecate internal parser functions +- Deprecate old HTML SAX API +- Generate deprecation warnings for old SAX API +- Mark more functions setting globals as deprecated +- Mark more parser functions as deprecated +- Mark most SAX1 functions as deprecated +- Deprecate some global variables + +### Portability + +- autoconf: Warn about outdated C compilers +- win32: Remove broken libxml2.def.src +- Remove symbols from version script +- catalog.c: Silence a cast warning on VS 2022 (Lukáš Tyrychtr) +- libxml.h: Remove ancient LynxOS setup +- Use python3 not python (Ross Burton) +- xstc/fixup-tests.py: port to Python 3 (Ross Burton) +- xstc/fixup-tests.py: unify whitespace (Ross Burton) +- Remove hacky heuristic from b2dc5675 (Alex Richardson) +- Avoid creating an out-of-bounds pointer by rewriting a check + (Alex Richardson) +- Hide internal functions +- Correctly relocate internal pointers after realloc() (Alex Richardson) +- Visual Studio builds: Allow silencing deprecation warnings (Chun-wei Fan) +- Visual Studio: Define XML_DEPRECATED (Chun-wei Fan) +- xmllint: Include on Windows +- warnings: Work around MSVC bug +- sources: Silence C4013 warnings on Visual Studio (Chun-wei Fan) +- python/setup.py.in: Improve Windows import patching (Chun-wei Fan) +- python: Create .pyd on Windows +- Fix Python build on Windows +- Fix Windows compiler warnings in python/types.c +- Fix libxml_PyFileGet +- Remove BeOS support +- Fix libxml_PyFileGet with stdout on macOS +- Migrate from PyEval_ to PyObject_ +- Port build_glob.py to Python 3 +- Port genChRanges.py to Python 3 +- xmlexports.h: Remove LIBXML_FASTCALL optimization +- Remove XMLCALL and XMLCDECL macros from public headers +- Remove XMLDECL macro from .c files + +### Build systems + +- cmake: Link against `dl` and `dld` only when `LIBXML2_WITH_MODULES` is + enabled (Alexander Kutelev) +- autotools: Fix make distcheck +- Remove RPM build, Makefile.tests, README.tests +- libxml.m4: deprecate AM_PATH_XML2, wrap PKG_CHECK_MODULES instead + (Ross Burton) +- libxml.m4: fix -Wstrict-prototypes (Sam James) +- cmake: Build static library with -DLIBXML_STATIC +- autotools: Don't use version script on Windows +- autotools: Fix winsock detection +- autotools: Only add network libraries if HTTP/FTP enabled +- autotools: Disable parallel Python build +- python: Don't output missing generators during build +- build: Remove check for broken ss_family +- http: Simplify IPv6 checks +- autotools: Fix network checks on Windows +- Fix detection of GNU libiconv +- cmake: Fix Python installation +- cmake: Don't check for Python 2 +- configure.ac: Also check for MSYS host +- Improve network library detection +- Detect ws2_32 with AC_SEARCH_LIBS +- Rework network configure checks +- Remove arg cast configure checks +- Fix dlopen check +- Remove HAVE_WIN32_THREADS configuration flag +- Rework dlopen and pthread detection +- Fix test in configure.ac +- cmake: Enable GCC compiler warnings +- Always link with -no-undefined +- Use AM_CFLAGS and AM_LDFLAGS consistently +- Remove -Wredundant-decls +- Call AC_CHECK_* with multiple arguments +- configure.ac: Remove checks for unused programs +- Rework library detection in configure.ac +- Rearrange configure.ac +- Consolidate zlib and lzma detection +- Remove "runtime debugging" +- Consolidate simple API modules in configure.ac +- Fix dependency resolution in configure.ac +- Fix --with-valid --without-regexps build +- Fix --with-schemas --without-xpath build +- Don't build unneeded .c source files +- Move xmlIsXHTML to tree.c +- Cleanup distribution settings in Makefile.am +- Also clean *.pyc files for Python 2 +- Don't distribute libxml2.spec + +### Tests + +- testchar: Add test for memory pull parser with encoding +- fuzz: Also test init function of URI fuzzer +- fuzz: Separate fuzzer for DTD validation +- gitlab-ci: Enable all "integer" sanitizers +- fuzz: Inject random malloc failures +- fuzz: Support variable integer sizes in fuzz data +- fuzz: Fix duplicate detection in fuzzEntityRecorder +- fuzz: Set filename in xmlFuzzEntityLoader +- fuzz: Allow xmlFuzzReadString(NULL) +- fuzz: Fix Makefile dependencies +- fuzz: Add test/recurse to seed corpus +- fuzz: Add separate XInclude fuzzer +- runsuite: Some errors are expected +- testrecurse: Test entity expansion stats +- testapi.c: Initialize catalog early +- gentest.py: Fix memory leak in API tests +- tests: Enable "runsuite" test +- python/tests/reader2: use absolute paths everywhere (Ross Burton) +- python/tests/reader2: always exit(1) if a test fails (Ross Burton) +- testModule: exit if the module can't be opened (Ross Burton) +- CI: disable modules in gcc:static build (Ross Burton) +- CI: fix CI on MinGW builds (Ross Burton) +- python: Fix memory leak checks +- tests: Check that xmlInitParser doesn't allocate memory +- tests: Fix use-after-free in Python tests +- tests: Remove unneeded #includes +- gitlab-ci: Make Test-Msvc exit if ctest fails +- gitlab-ci: Treat compiler warnings as errors on MSVC +- test: Add test for push parser boundaries +- gitlab-ci: Upgrade image to Ubuntu 22.10, reenable MSan +- gitlab-ci: Reenable LeakSanitizer +- gitlab-ci: Fix llvm-symbolizer +- xinclude: Don't create result doc for test with errors +- xinclude: Also test error messages +- gitlab-ci: Allow cast-align warnings from clang +- gitlab-ci: Fix tar invocation +- gitlab-ci: Move MSVC test to separate script +- gitlab-ci: Fix SUFFIX, remove MINGW_PATH +- gitlab-ci: Consolidate CMake test scripts +- gitlab-ci: Only install MinGW autotools if needed +- gitlab-ci: Only install cmake MinGW package if needed +- gitlab-ci: Install 7-Zip using the .msi +- Use $MSYSTEM and 'bash -lc' in MinGW CI +- Add CI job for MinGW/Autotools +- Consolidate CI scripts +- Allow empty MINGW_PACKAGE_PREFIX +- Move Dockerfile to .gitlab-ci directory +- testapi: Disable on Windows for now +- Disable fuzzer tests if glob.h wasn't found +- Move automata test to runtest.c +- Fix testapi when building --without-sax1 + +# Documentation + +- doc: Remove ancient files +- Remove ancient TODOs +- html: Fix htmlInitAutoClose documentation +- doc: Mention new location of XML catalog as breaking change +- doc: Mention potentially breaking changes in NEWS +- doc: Remove xmlDllMain from documentation and version script +- doc: Mention ${sysconfdir} in man pages +- doc: Document xmlcatalog --convert +- doc: Document xmllint --nodict and --pedantic +- doc: Fix indentation in source XML files +- xmllint: Document --quiet option +- Improve cross-references in API docs +- Improve documentation of globals +- Fix documentation parser +- Support comments for global variables in documentation +- Fix update call in apibuild.py +- Don't index anything in DOC_DISABLE sections +- Fix warnings from apibuild.py +- Start with documentation for maintainers + + +v2.10.4: Apr 11 2023 + +### Security + +- [CVE-2023-29469] Hashing of empty dict strings isn't deterministic +- [CVE-2023-28484] Fix null deref in xmlSchemaFixupComplexType +- schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK + +### Regressions + +- SAX2: Ignore namespaces in HTML documents +- io: Fix "buffer full" error with certain buffer sizes + + +v2.10.3: Oct 14 2022 + +### Security + +- [CVE-2022-40304] Fix dict corruption caused by entity reference cycles +- [CVE-2022-40303] Fix integer overflows with XML_PARSE_HUGE +- Fix overflow check in SAX2.c + +### Portability + +- win32: Fix build with VS2013 + +### Build system + +- cmake: Set SOVERSION + + +v2.10.2: Aug 29 2022 + +### Improvements + +- Remove set-but-unused variable in xmlXPathScanName +- Silence -Warray-bounds warning + +### Build system + +- build: require automake-1.16.3 or later (Xi Ruoyao) +- Remove generated files from distribution + +### Test suite + +- Don't create missing.xml when running testapi + + +v2.10.1: Aug 25 2022 + +### Regressions + +- Fix xmlCtxtReadDoc with encoding + +### Bug fixes + +- Fix HTML parser with threads and --without-legacy + +### Build system + +- Fix build with Python 3.10 +- cmake: Disable version script on macOS +- Remove Makefile rule to build testapi.c + +### Documentation + +- Switch back to HTML output for API documentation +- Port doc/examples/index.py to Python 3 +- Fix order of exports in libxml2-api.xml +- Remove libxml2-refs.xml + + +v2.10.0: Aug 17 2022 + +### Breaking changes + +The Docbook parser module and all related symbols habe been removed completely. +This was experimental code which never worked and generated a deprecation +warning for 15+ years. The library's soname wasn't changed in order to allow +seamless upgrades to later versions. If this concerns you, consider bumping +soname yourself. + +Some other modules are now disabled by default and will eventually be removed +completely: + +- Support for XPointer locations (ranges and points): This was based on + a W3C specification which never got beyond Working Draft status. To my + knowledge, there's no software supporting this spec which is still + maintained. You now have to enable this code by passing the + `--with-xptr-locs` configuration option. Be warned that this part of + the code base is buggy and had many security issues in the past. + +- Support for the built-in FTP client (`--with-ftp`). + +- Support for "legacy" functions (`--with-legacy`). + +If you're concerned about ABI stability and haven't disabled these modules +already, add the following configuration options or bump soname yourself: + + --with-ftp + --with-legacy + --with-xptr-locs + +Several functions of the public API were deprecated. Most of them should be +completely unused and will generate a deprecation warning now. + +The autoconf build now uses the sysconfdir variable for the location of +the default catalog file. The path changed from hardcoded /etc/xml/catalog +to ${sysconfdir}/xml/catalog. The sysconfdir variable defaults to +${prefix}/etc, prefix defaults to /usr/local, so without other options +the path becomes /usr/local/etc/xml/catalog. If you want the old behavior, +configure with + + --sysconfdir=/etc + +### Security + +- [CVE-2022-2309] Reset nsNr in xmlCtxtReset +- Reserve byte for NUL terminator and report errors consistently in xmlBuf and + xmlBuffer (David Kilzer) +- Fix missing NUL terminators in xmlBuf and xmlBuffer functions (David Kilzer) +- Fix integer overflow in xmlBufferDump() (David Kilzer) +- xmlBufAvail() should return length without including a byte for NUL + terminator (David Kilzer) +- Fix ownership of xmlNodePtr & xmlAttrPtr fields in xmlSetTreeDoc() (David + Kilzer) +- Use xmlNewDocText in xmlXIncludeCopyRange +- Fix use-after-free bugs when calling xmlTextReaderClose() before + xmlFreeTextReader() on post-validating parser (David Kilzer) +- Use UPDATE_COMPAT() consistently in buf.c (David Kilzer) +- fix: xmlXPathParserContext could be double-delete in OOM case. (jinsub ahn) + +### Removals and deprecations + +- Disable XPointer location support by default +- Remove outdated xml2Conf.sh +- Deprecate module init and cleanup functions +- Remove obsolete XML Software Autoupdate (XSA) file +- Remove DOCBparser +- Remove obsolete Python test framework +- Remove broken VxWorks support +- Remove broken Mac OS 9 support +- Remove broken bakefile support +- Remove broken Visual Studio 2010 support +- Remove broken Windows CE support +- Deprecate IDREF-related functions in valid.h +- Deprecate legacy functions +- Disable legacy support by default +- Deprecate all functions in nanoftp.h +- Disable FTP support by default +- Add XML_DEPRECATED macro +- Remove elfgcchack.h + +### Regressions + +- Skip incorrectly opened HTML comments +- Restore behavior of htmlDocContentDumpFormatOutput() (David Kilzer) + +### Bug fixes + +- Fix memory leak with invalid XSD +- Make XPath depth check work with recursive invocations +- Fix memory leak in xmlLoadEntityContent error path +- Avoid double-free if malloc fails in inputPush +- Properly fold whitespace around the QName value when validating an XSD + schema. (Damjan Jovanovic) +- Add whitespace folding for some atomic data types that it's missing on. + (Damjan Jovanovic) +- Don't add IDs containing unexpanded entity references + +### Improvements + +- Avoid calling xmlSetTreeDoc +- Simplify xmlFreeNode +- Don't reset nsDef when changing node content +- Fix unintended fall-through in xmlNodeAddContentLen +- Remove unused xmlBuf functions (David Kilzer) +- Implement xpath1() XPointer scheme +- Add configuration flag for XPointer locations support +- Fix compiler warnings in Python code +- Mark more static data as `const` (David Kilzer) +- Make xmlStaticCopyNode non-recursive +- Clean up encoding switching code +- Simplify recursive pthread mutex +- Use non-recursive mutex in dict.c +- Fix parser progress checks +- Avoid arithmetic on freed pointers +- Improve buffer allocation scheme +- Remove unneeded #includes +- Add support for some non-standard escapes in regular expressions. (Damjan + Jovanovic) +- htmlParseComment: handle abruptly-closed comments (Mike Dalessio) +- Add let variable tag support (Oliver Diehl) +- Add value-of tag support (Oliver Diehl) +- Remove useless call to xmlRelaxNGCleanupTypes +- Don't include ICU headers in public headers +- Update `xmlStrlen()` to use POSIX / ISO C `strlen()` (Mike Dalessio) +- Fix unused variable warnings with disabled features +- Only warn on invalid redeclarations of predefined entities +- Remove unneeded code in xmlreader.c +- Rework validation context flags + +### Portability + +- Use NAN/INFINITY if available to init XPath NaN/Inf (Sergey Kosukhin) +- Fix Python tests on macOS +- Fix xmlCleanupThreads on Windows +- Fix reinitialization of library on Windows +- Don't mix declarations and code in runtest.c +- Use portable python shebangs (David Seifert) +- Use critical sections as mutex on Windows +- Don't set HAVE_WIN32_THREADS in win32config.h +- Use stdint.h with newer MSVC +- Remove cruft from win32config.h +- Remove isinf/isnan emulation in win32config.h +- Always fopen files with "rb" +- Remove __DJGPP__ checks +- Remove useless __CYGWIN__ checks + +### Build system + +- Don't autogenerate doc/examples/Makefile.am +- cmake: Install libxml.m4 on UNIX-like platforms (Daniel E) +- cmake: Use symbol versioning on UNIX-like platforms (Daniel E) +- Port genUnicode.py to Python 3 +- Port gentest.py to Python 3 +- cmake: Fix build without thread support +- cmake: Install documentation in CMAKE_INSTALL_DOCDIR +- cmake: Remove non needed files in docs dir (Daniel E) +- configure: move XML_PRIVATE_LIBS after WIN32_EXTRA_LIBADD is set + (Christopher Degawa) +- Move local Autoconf macros into m4 directory +- Use XML_PRIVATE_LIBS in libxml2_la_LIBADD +- Update libxml-2.0-uninstalled.pc.in +- Remove LIBS from XML_PRIVATE_LIBS +- Add WIN32_EXTRA_LIBADD to XML_PRIVATE_LIBS +- Don't overlink executables +- cmake: Adjust paths for UNIX or UNIX-like target systems (Daniel Engberg) +- build: Make use of variables in libxml's pkg-config file (Daniel Engberg) +- Avoid obsolescent `test -a` constructs (David Seifert) +- Move AM_MAINTAINER_MODE to AM section +- configure.ac: make AM_SILENT_RULES([yes]) unconditional (David Seifert) +- Streamline documentation installation +- Don't try to recreate COPYING symlink +- Detect libm using libtool's macros (David Seifert) +- configure.ac: disable static libraries by default (David Seifert) +- python/Makefile.am: nest python docs in $(docdir) (David Seifert) +- python/Makefile.am: rely on global AM_INIT_AUTOMAKE (David Seifert) +- Makefile.am: install examples more idiomatically (David Seifert) +- configure.ac: remove useless AC_SUBST (David Seifert) +- Respect `--sysconfdir` in source files (David Seifert) +- Ignore configure backup file created by recent autoreconf too (Vadim Zeitlin) +- Only install *.html and *.c example files +- Remove --with-html-dir option +- Rework documentation build system +- Remove old website +- Use AM_PATH_PYTHON/PKG_CHECK_MODULES for python bindings (David Seifert) +- Update genChRanges.py +- Update build_glob.py +- Remove ICONV_CONST test +- Remove obsolete AC_HEADER checks +- Don't check for standard C89 library functions +- Don't check for standard C89 headers +- Remove special configuration for certain maintainers + +### Test suite, CI + +- Disable network in API tests +- testapi: remove leading slash from "/missing.xml" (Mike Gilbert) +- Build Autotools CI tests out of source tree (VPATH) +- Add --with-minimum build to CI tests +- Fix warnings when testing --with-minimum build +- cmake: Run all tests when threads are disabled +- Also build CI tests with -Werror +- Move doc/examples tests to new test suite +- Simplify 'make check' targets +- Fix schemas and relaxng tests +- Remove unused result files +- Allow missing result files in runtest +- Move regexp tests to runtest +- Move SVG tests to runtest.c +- Move testModule to new test suite +- Move testThreads to new test suite +- Remove major parts of old test suite +- Make testchar return an error on failure (Tony Tascioglu) +- Add CI job for static build +- python/tests: open() relative to test scripts (David Seifert) +- Port some test scripts to Python 3 + +### Documentation + +- Improve documentation of tree manipulation API +- Update xml2-config man page +- Consolidate man pages +- Rename xmlcatalog_man.xml +- Make examples a standalone HTML page +- Fix documentation in entities.c +- Add note about optimization flags + + +v2.9.14: May 02 2022: + - Security: + [CVE-2022-29824] Integer overflow in xmlBuf and xmlBuffer + Fix potential double-free in xmlXPtrStringRangeFunction + Fix memory leak in xmlFindCharEncodingHandler + Normalize XPath strings in-place + Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars() + (David Kilzer) + Fix leak of xmlElementContent (David Kilzer) + + - Bug fixes: + Fix parsing of subtracted regex character classes + Fix recursion check in xinclude.c + Reset last error in xmlCleanupGlobals + Fix certain combinations of regex range quantifiers + Fix range quantifier on subregex + + - Improvements: + Fix recovery from invalid HTML start tags + + - Build system, portability: + Define LFS macros before including system headers + Initialize XPath floating-point globals + configure: check for icu DEFS (James Hilliard) + configure.ac: produce tar.xz only (GNOME policy) (David Seifert) + CMakeLists.txt: Fix LIBXML_VERSION_NUMBER + Fix build with older Python versions + Fix --without-valid build + + +v2.9.13: Feb 19 2022: + - Security: + [CVE-2022-23308] Use-after-free of ID and IDREF attributes + (Thanks to Shinji Sato for the report) + Use-after-free in xmlXIncludeCopyRange (David Kilzer) + Fix Null-deref-in-xmlSchemaGetComponentTargetNs (huangduirong) + Fix memory leak in xmlXPathCompNodeTest + Fix null pointer deref in xmlStringGetNodeList + Fix several memory leaks found by Coverity (David King) + + - Fixed regressions: + Fix regression in RelaxNG pattern matching + Properly handle nested documents in xmlFreeNode + Fix regression with PEs in external DTD + Fix random dropping of characters on dumping ASCII encoded XML (Mohammad Razavi) + Revert "Make schema validation fail with multiple top-level elements" + Fix regression when parsing invalid HTML tags in push mode + Fix regression parsing public IDs literals in HTML + Fix buffering in xmlOutputBufferWrite + Fix whitespace when serializing empty HTML documents + Fix XPath recursion limit + Fix regression in xmlNodeDumpOutputInternal + Work around lxml API abuse + + - Bug fixes: + Fix xmlSetTreeDoc with entity references + Fix double counting of CRLF in comments + Make sure to grow input buffer in xmlParseMisc + Don't ignore xmllint options after "-" + Don't normalize namespace URIs in XPointer xmlns() scheme + Fix handling of XSD with empty namespace + Also register HTML document nodes + Make xmllint return an error if arguments are missing + Fix handling of ctxt->base in xmlXPtrEvalXPtrPart + Fix xmllint --maxmem + Fix htmlReadFd, which was using a mix of xml and html context functions (Finn Barber) + Move current position before possible calling of ctxt->sax->characters (Yulin Li) + Fix parse failure when 4-byte character in UTF-16 BE is split across a chunk (David Kilzer) + Patch to forbid epsilon-reduction of final states (Arne Becker) + Avoid segfault at exit when using custom memory functions (Mike Dalessio) + + - Tests, code quality, fuzzing: + Remove .travis.yml + Make xmlFuzzReadString return a zero size in error case + Fix unused function warning in testapi.c + Update NewsML DTD in test suite + Add more checks for malloc failures in xmllint.c + Avoid potential integer overflow in xmlstring.c + Run CI tests with UBSan implicit-conversion checks + Fix casting of line numbers in SAX2.c + Fix integer conversion warnings in hash.c + Add explicit casts in runtest.c + Fix integer conversion warning in xmlIconvWrapper + Add suffix to unsigned constant in xmlmemory.c + Add explicit casts in testchar.c + Fix integer conversion warnings in xmlstring.c + Add explicit cast in xmlURIUnescapeString + Remove unused variable in xmlCharEncOutFunc (David King) + + - Build system, portability: + Remove xmlwin32version.h + Fix fuzzer test with VPATH build + Support custom prefix when installing Python module + Remove Makefile.win + Remove CVS and SVN-related code + Port python 3.x module to Windows and improve distutils (Chun-wei Fan) + Correctly install the HTML examples into their subdirectory (Mattia Rizzolo) + Refactor the settings of $docdir (Mattia Rizzolo) + Remove unused configure checks (Ben Boeckel) + python/Makefile.am: use *_LIBADD, not *_LDFLAGS for LIBS (Sam James) + Fix check for libtool in autogen.sh + Use version in configure.ac for CMake (Timothy Lyanguzov) + Add CMake alias targets for embedded projects (Markus Rickert) + + - Documentation: + Remove SVN keyword anchors + Rework README + Remove README.cvs-commits + Remove old ChangeLog + Update hyperlinks + Remove README.docs + Remove MAINTAINERS + Remove xmltutorial.pdf + Upload documentation to GitLab pages + Document how to escape XML_CATALOG_FILES + Fix libxml2.doap + Update URL for libxml++ C++ binding (Kjell Ahlstedt) + Generate devhelp2 index file (Emmanuele Bassi) + Mention XML_CATALOG_FILES is space-separated (Jan Tojnar) + Add documentaiton for xmllint exit code 10 (Rainer Canavan) + Fix some validation errors in the FAQ (David King) + Add instructions on how to use CMake to compile libxml (Markus Rickert) + + + +v2.9.12: May 13 2021: + - Build system: + Add fuzz.h and seed/regexp to EXTRA_DIST + + + +v2.9.11: May 13 2021: + - Security: + Patch for security issue CVE-2021-3541 (Daniel Veillard) + + - Documentation: + Clarify xmlNewDocProp documentation (Nick Wellnhofer) + + - Portability: + CMake: Only add postfixes if MSVC (Christopher Degawa), + Fix XPath NaN/Inf for older GCC versions (Nick Wellnhofer), + Use CMake PROJECT_VERSION (Markus Rickert), + Fix warnings in libxml.m4 with autoconf 2.70+. (Simon Josefsson), + Add CI for CMake on MSVC (Markus Rickert), + Update minimum required CMake version (Markus Rickert), + Add variables for configured options to CMake config files (Markus Rickert), + Check if variables exist when defining targets (Markus Rickert), + Check if target exists when reading target properties (Markus Rickert), + Add xmlcatalog target and definition to config files (Markus Rickert), + Remove include directories for link-only dependencies (Markus Rickert), + Fix ICU build in CMake (Markus Rickert), + Configure pkgconfig, xml2-config, and xml2Conf.sh file (Markus Rickert), + Update CMake config files (Markus Rickert), + Add xmlcatalog and xmllint to CMake export (Markus Rickert), + Simplify xmlexports.h (Nick Wellnhofer), + Require dependencies based on enabled CMake options (Markus Rickert), + Use NAMELINK_COMPONENT in CMake install (Markus Rickert), + Add CMake files to EXTRA_DIST (Markus Rickert), + Add missing compile definition for static builds to CMake (Markus Rickert), + Add CI for CMake on Linux and MinGW (Markus Rickert), + Fix variable name in win32/configure.js (Nick Wellnhofer), + Fix version parsing in win32/configure.js (Nick Wellnhofer), + Fix autotools warnings (Nick Wellnhofer), + Update config.h.cmake.in (Markus Rickert), + win32: allow passing *FLAGS on command line (Michael Stahl), + Configure file xmlwin32version.h.in on MSVC (Markus Rickert), + List headers individually (Markus Rickert), + Add CMake build files (Markus Rickert), + Parenthesize Py_Check() in ifs (Miro Hrončok), + Minor fixes to configure.js (Nick Wellnhofer) + + - Bug Fixes: + Fix null deref in legacy SAX1 parser (Nick Wellnhofer), + Fix handling of unexpected EOF in xmlParseContent (Nick Wellnhofer), + Fix line numbers in error messages for mismatched tags (Nick Wellnhofer), + Fix htmlTagLookup (Nick Wellnhofer), + Propagate error in xmlParseElementChildrenContentDeclPriv (Nick Wellnhofer), + Fix user-after-free with `xmllint --xinclude --dropdtd` (Nick Wellnhofer), + Fix dangling pointer with `xmllint --dropdtd` (Nick Wellnhofer), + Validate UTF8 in xmlEncodeEntities (Joel Hockey), + Fix use-after-free with `xmllint --html --push` (Nick Wellnhofer), + Allow FP division by zero in xmlXPathInit (Nick Wellnhofer), + Fix xmlGetNodePath with invalid node types (Nick Wellnhofer), + Fix exponential behavior with recursive entities (Nick Wellnhofer), + Fix quadratic behavior when looking up xml:* attributes (Nick Wellnhofer), + Fix slow parsing of HTML with encoding errors (Nick Wellnhofer), + Fix null deref introduced with previous commit (Nick Wellnhofer), + Check for invalid redeclarations of predefined entities (Nick Wellnhofer), + Add the copy of type from original xmlDoc in xmlCopyDoc() (SVGAnimate), + parser.c: shrink the input buffer when appropriate (Mike Dalessio), + Fix infinite loop in HTML parser introduced with recent commits (Nick Wellnhofer), + Fix quadratic runtime when parsing CDATA sections (Nick Wellnhofer), + Fix timeout when handling recursive entities (Nick Wellnhofer), + Fix memory leak in xmlParseElementMixedContentDecl (Nick Wellnhofer), + Fix null deref in xmlStringGetNodeList (Nick Wellnhofer), + use new htmlParseLookupCommentEnd to find comment ends (Mike Dalessio), + htmlParseComment: treat `--!>` as if it closed the comment (Mike Dalessio), + Fix integer overflow in xmlSchemaGetParticleTotalRangeMin (Nick Wellnhofer), + encoding: fix memleak in xmlRegisterCharEncodingHandler() (Xiaoming Ni), + xmlschemastypes.c: xmlSchemaGetFacetValueAsULong add, check "facet->val" (Xiaoming Ni), + Fix null pointer deref in xmlXPtrRangeInsideFunction (Nick Wellnhofer), + Fix quadratic runtime in HTML push parser with null bytes (Nick Wellnhofer), + Avoid quadratic checking of identity-constraints (Michael Matz), + Fix building with ICU 68. (Frederik Seiffert), + Convert python/libxml.c to PY_SSIZE_T_CLEAN (Victor Stinner), + Fix xmlURIEscape memory leaks. (Elliott Hughes), + Avoid call stack overflow with XML reader and recursive XIncludes (Nick Wellnhofer), + Fix caret in regexp character group (Nick Wellnhofer), + parser.c: xmlParseCharData peek behavior fixed wrt newlines (Mike Dalessio), + Fix memory leaks in XPointer string-range function (Nick Wellnhofer), + Fix use-after-free when XIncluding text from Reader (Nick Wellnhofer), + Fix SEGV in xmlSAXParseFileWithData (yanjinjq), + Fix null deref in XPointer expression error path (Nick Wellnhofer), + Don't call xmlXPathInit directly (Nick Wellnhofer), + Fix cleanup of attributes in XML reader (Nick Wellnhofer), + Fix double free in XML reader with XIncludes (Nick Wellnhofer), + Fix memory leak in xmlXIncludeAddNode error paths (Nick Wellnhofer), + Revert "Fix quadratic runtime in xi:fallback processing" (Nick Wellnhofer), + Fix error reporting with xi:fallback (Nick Wellnhofer), + Fix quadratic runtime in xi:fallback processing (Nick Wellnhofer), + Fix corner case with empty xi:fallback (Nick Wellnhofer), + Fix XInclude regression introduced with recent commit (Nick Wellnhofer), + Fix memory leak in runtest.c (Nick Wellnhofer), + Make "xmllint --push --recovery" work (Nick Wellnhofer), + Revert "Do not URI escape in server side includes" (Nick Wellnhofer), + Fix column number accounting in xmlParse*NameAndCompare (Nick Wellnhofer), + Stop counting nbChars in parser context (Nick Wellnhofer), + Fix out-of-bounds read with 'xmllint --htmlout' (Nick Wellnhofer), + Fix exponential runtime and memory in xi:fallback processing (Nick Wellnhofer), + Don't process siblings of root in xmlXIncludeProcess (Nick Wellnhofer), + Don't recurse into xi:include children in xmlXIncludeDoProcess (Nick Wellnhofer), + Fix memory leak in xmlXIncludeIncludeNode error paths (Nick Wellnhofer), + Check for custom free function in global destructor (Nick Wellnhofer), + Fix integer overflow when comparing schema dates (Nick Wellnhofer), + Fix exponential runtime in xmlFARecurseDeterminism (Nick Wellnhofer), + Don't try to handle namespaces when building HTML documents (Nick Wellnhofer), + Fix several quadratic runtime issues in HTML push parser (Nick Wellnhofer), + Fix quadratic runtime when push parsing HTML start tags (Nick Wellnhofer), + Reset XML parser input before reporting errors (David Kilzer), + Fix quadratic runtime when push parsing HTML entity refs (Nick Wellnhofer), + Fix HTML push parser lookahead (Nick Wellnhofer), + Make htmlCurrentChar always translate U+0000 (Nick Wellnhofer), + Fix UTF-8 decoder in HTML parser (Nick Wellnhofer), + Fix quadratic runtime when parsing HTML script content (Nick Wellnhofer), + Reset HTML parser input before reporting error (Nick Wellnhofer), + Fix more quadratic runtime issues in HTML push parser (Nick Wellnhofer), + Fix regression introduced with 477c7f6a (Nick Wellnhofer), + Fix quadratic runtime in HTML parser (Nick Wellnhofer), + Reset HTML parser input before reporting encoding error (Nick Wellnhofer), + Fix integer overflow in xmlFAParseQuantExact (Nick Wellnhofer), + Fix return value of xmlC14NDocDumpMemory (Nick Wellnhofer), + Don't follow next pointer on documents in xmlXPathRunStreamEval (Nick Wellnhofer), + Fix integer overflow in _xmlSchemaParseGYear (Nick Wellnhofer), + Fix integer overflow when parsing {min,max}Occurs (Nick Wellnhofer), + Fix another memory leak in xmlSchemaValAtomicType (Nick Wellnhofer), + Fix unsigned integer overflow in htmlParseTryOrFinish (Nick Wellnhofer), + Fix integer overflow in htmlParseCharRef (Nick Wellnhofer), + Fix undefined behavior in UTF16LEToUTF8 (Nick Wellnhofer), + Fix return value of xmlCharEncOutput (Nick Wellnhofer), + Never expand parameter entities in text declaration (Nick Wellnhofer), + Fix undefined behavior in xmlXPathTryStreamCompile (Nick Wellnhofer), + Fix use-after-free with validating reader (Nick Wellnhofer), + xmlParseBalancedChunkMemory must not be called with NULL doc (Nick Wellnhofer), + Revert "Fix memory leak in xmlParseBalancedChunkMemoryRecover" (Nick Wellnhofer), + Fix memory leak in xmlXIncludeLoadDoc error path (Nick Wellnhofer), + Make schema validation fail with multiple top-level elements (Nick Wellnhofer), + Call xmlCleanupParser on ELF destruction (Samuel Thibault), + Fix copying of entities in xmlParseReference (Nick Wellnhofer), + Fix memory leak in xmlSchemaValidateStream (Zhipeng Xie), + Fix xmlSchemaGetCanonValue formatting for date and dateTime (Kevin Puetz), + Fix memory leak when shared libxml.dll is unloaded (Kevin Puetz), + Fix potentially-uninitialized critical section in Win32 DLL builds (Kevin Puetz), + Fix integer overflow in xmlBufferResize (Nick Wellnhofer), + Check for overflow when allocating two-dimensional arrays (Nick Wellnhofer), + Remove useless comparisons (Nick Wellnhofer), + Fix overflow check in xmlNodeDump (Nick Wellnhofer), + Fix infinite loop in xmlStringLenDecodeEntities (Zhipeng Xie), + Fix freeing of nested documents (Nick Wellnhofer), + Fix more memory leaks in error paths of XPath parser (Nick Wellnhofer), + Fix memory leaks of encoding handlers in xmlsave.c (Nick Wellnhofer), + Fix xml2-config error code (Nick Wellnhofer), + Fix memory leak in error path of XPath expr parser (Nick Wellnhofer), + Fix overflow handling in xmlBufBackToBuffer (Nick Wellnhofer), + Null pointer handling in catalog.c (raniervf), + xml2-config.in: fix regressions introduced by commit 2f2bf4b2c (Dmitry V. Levin) + + - Improvements: + Store per-element parser state in a struct (Nick Wellnhofer), + update for xsd:language type check (PaulHiggs), + Update INSTALL.libxml2 (Nick Wellnhofer), + Fix include order in c14n.h (Nick Wellnhofer), + Fix duplicate xmlStrEqual calls in htmlParseEndTag (Nick Wellnhofer), + Speed up htmlCheckAutoClose (Nick Wellnhofer), + Speed up htmlTagLookup (Nick Wellnhofer), + Stop checking attributes for UTF-8 validity (Nick Wellnhofer), + Reduce some fuzzer timeouts (Nick Wellnhofer), + Only run a few CI tests unless scheduled (Nick Wellnhofer), + Improve fuzzer stability (Nick Wellnhofer), + Check for feature flags in fuzzer tests (Nick Wellnhofer), + Another attempt at improving fuzzer stability (Nick Wellnhofer), + Revert "Improve HTML fuzzer stability" (Nick Wellnhofer), + Add charset names to fuzzing dictionaries (Nick Wellnhofer), + Improve HTML fuzzer stability (Nick Wellnhofer), + Add CI for MSVC x86 (Markus Rickert), + Add a flag to not output anything when xmllint succeeded (hhb), + Speed up HTML fuzzer (Nick Wellnhofer), + Remove unused encoding parameter of HTML output functions (Nick Wellnhofer), + Handle malloc failures in fuzzing code (Nick Wellnhofer), + add test coverage for incorrectly-closed comments (Mike Dalessio), + Enforce maximum length of fuzz input (Nick Wellnhofer), + Remove temporary members from struct _xmlXPathContext (Nick Wellnhofer), + Build the Python extension with PY_SSIZE_T_CLEAN (Victor Stinner), + Add CI test for Python 3 (Nick Wellnhofer), + Add fuzzing dictionaries to EXTRA_DIST (Nick Wellnhofer), + Add 'fuzz' subdirectory to DIST_SUBDIRS (Nick Wellnhofer), + Allow port numbers up to INT_MAX (Nick Wellnhofer), + Handle dumps of corrupted documents more gracefully (Nick Wellnhofer), + Limit size of free lists in XML reader when fuzzing (Nick Wellnhofer), + Hardcode maximum XPath recursion depth (Nick Wellnhofer), + Pass URL of main entity in XML fuzzer (Nick Wellnhofer), + Consolidate seed corpus generation (Nick Wellnhofer), + Test fuzz targets with dummy driver (Nick Wellnhofer), + Fix regression introduced with commit d88df4b (Nick Wellnhofer), + Fix regression introduced with commit 74dcc10b (Nick Wellnhofer), + Add TODO comment in xinclude.c (Nick Wellnhofer), + Stop using maxParserDepth in xpath.c (Nick Wellnhofer), + Remove dead code in xinclude.c (Nick Wellnhofer), + Don't add formatting newlines to XInclude nodes (Nick Wellnhofer), + Don't use SAX1 if all element handlers are NULL (Nick Wellnhofer), + Remove unneeded progress checks in HTML parser (Nick Wellnhofer), + Use strcmp when fuzzing (Nick Wellnhofer), + Fix XPath fuzzer (Nick Wellnhofer), + Fuzz XInclude engine (Nick Wellnhofer), + Add XPath and XPointer fuzzer (Nick Wellnhofer), + Update fuzzing code (Nick Wellnhofer), + More *NodeDumpOutput fixes (Nick Wellnhofer), + Fix *NodeDumpOutput functions (Nick Wellnhofer), + Make xmlNodeDumpOutputInternal non-recursive (Nick Wellnhofer), + Make xhtmlNodeDumpOutput non-recursive (Nick Wellnhofer), + Make htmlNodeDumpFormatOutput non-recursive (Nick Wellnhofer), + Fix .gitattributes (Nick Wellnhofer), + Rework control flow in htmlCurrentChar (Nick Wellnhofer), + Make 'xmllint --html --push -' read from stdin (Nick Wellnhofer), + Remove misleading comments in xpath.c (Nick Wellnhofer), + Update to Devhelp index file format version 2 (Andre Klapper), + Set project language to C (Markus Rickert), + Add variable for working directory of XML Conformance Test Suite (Markus Rickert), + Add additional tests and XML Conformance Test Suite (Markus Rickert), + Add command line option for temp directory in runtest (Markus Rickert), + Ensure LF line endings for test files (Markus Rickert), + Enable runtests and testThreads (Markus Rickert), + Limit regexp nesting depth (Nick Wellnhofer), + Fix return values and documentation in encoding.c (Nick Wellnhofer), + Add regexp regression tests (David Kilzer), + Report error for invalid regexp quantifiers (Nick Wellnhofer), + Fix rebuilding docs, by hiding __attribute__((...)) behind a macro. (Martin Vidner), + Copy xs:duration parser from libexslt (Nick Wellnhofer), + Fuzz target for XML Schemas (Nick Wellnhofer), + Move entity recorder to fuzz.c (Nick Wellnhofer), + Fuzz target for HTML parser (Nick Wellnhofer), + Update GitLab CI container (Nick Wellnhofer), + Add options file for xml fuzzer (Nick Wellnhofer), + Add a couple of libFuzzer targets (Nick Wellnhofer), + Guard new calls to xmlValidatePopElement in xml_reader.c (Daniel Cheng), + Add LIBXML_VALID_ENABLED to xmlreader (Łukasz Wojniłowicz), + Fix typos (Nick Wellnhofer), + Disable LeakSanitizer (Nick Wellnhofer), + Stop calling SAX getEntity handler from XMLReader (Nick Wellnhofer), + Add test case for recursive external parsed entities (Nick Wellnhofer), + Enable error tests with entity substitution (Nick Wellnhofer), + Don't load external entity from xmlSAX2GetEntity (Nick Wellnhofer), + Merge code paths loading external entities (Nick Wellnhofer), + Copy some XMLReader option flags to parser context (Nick Wellnhofer), + Add xmlPopOutputCallbacks (Nick Wellnhofer), + Updated Python test reader2.py (Pieter van Oostrum), + Updated python/tests/tstLastError.py (Pieter van Oostrum), + Use random seed in xmlDictComputeFastKey (Ranier Vilela), + Enable more undefined behavior sanitizers (Nick Wellnhofer) + + + +v2.9.10: Oct 30 2019: + - Documentation: + Fix a few more typos ("fonction") (Nick Wellnhofer), + Large batch of typo fixes (Jared Yanovich), + Fix typos: tree: move{ -> s}, reconcil{i -> }ed, h{o -> e}ld by... (Jan Pokorný), + Fix typo: xpath: simpli{ -> fi}ed (Jan Pokorný), + Doc: do not mislead towards "infeasible" scenario wrt. xmlBufNodeDump (Jan Pokorný), + Fix comments in test code (zhouzhongyuan), + fix comment in testReader.c (zhouzhongyuan) + + - Portability: + Fix some release issues on Fedora 30 (Daniel Veillard), + Fix exponent digits when running tests under old MSVC (Daniel Richard G), + Work around buggy ceil() function on AIX (Daniel Richard G), + Don't call printf with NULL string in runtest.c (Daniel Richard G), + Switched from unsigned long to ptrdiff_t in parser.c (Stephen Chenney), + timsort.h: support older GCCs (Jérôme Duval), + Make configure.ac work with older pkg-config (Nick Wellnhofer), + Stop defining _REENTRANT on some Win32 platforms (Nick Wellnhofer), + Fix nanohttp.c on MinGW (Nick Wellnhofer), + Fix Windows compiler warning in testC14N.c (Nick Wellnhofer), + Merge testThreadsWin32.c into testThreads.c (Nick Wellnhofer), + Fix Python bindings under Windows (Nick Wellnhofer) + + - Bug Fixes: + Another fix for conditional sections at end of document (Nick Wellnhofer), + Fix for conditional sections at end of document (Nick Wellnhofer), + Make sure that Python tests exit with error code (Nick Wellnhofer), + Audit memory error handling in xpath.c (Nick Wellnhofer), + Fix error code in xmlTextWriterStartDocument (Nick Wellnhofer), + Fix integer overflow when counting written bytes (Nick Wellnhofer), + Fix uninitialized memory access in HTML parser (Nick Wellnhofer), + Fix memory leak in xmlSchemaValAtomicType (Nick Wellnhofer), + Disallow conditional sections in internal subset (Nick Wellnhofer), + Fix use-after-free in xmlTextReaderFreeNodeList (Nick Wellnhofer), + Fix Regextests (Nick Wellnhofer), + Fix empty branch in regex (Nick Wellnhofer), + Fix integer overflow in entity recursion check (Nick Wellnhofer), + Don't read external entities or XIncludes from stdin (Nick Wellnhofer), + Fix Schema determinism check of ##other namespaces (Nick Wellnhofer), + Fix potential null deref in xmlSchemaIDCFillNodeTables (zhouzhongyuan), + Fix potential memory leak in xmlBufBackToBuffer (Nick Wellnhofer), + Fix error message when processing XIncludes with fallbacks (Nick Wellnhofer), + Fix memory leak in xmlRegEpxFromParse (zhouzhongyuan), + 14:00 is a valid timezone for xs:dateTime (Nick Wellnhofer), + Fix memory leak in xmlParseBalancedChunkMemoryRecover (Zhipeng Xie), + Fix potential null deref in xmlRelaxNGParsePatterns (Nick Wellnhofer), + Misleading error message with xs:{min|max}Inclusive (bettermanzzy), + Fix memory leak in xmlXIncludeLoadTxt (Wang Kirin), + Partial fix for comparison of xs:durations (Nick Wellnhofer), + Fix null deref in xmlreader buffer (zhouzhongyuan), + Fix unability to RelaxNG-validate grammar with choice-based name class (Jan Pokorný), + Fix unability to validate ambiguously constructed interleave for RelaxNG (Jan Pokorný), + Fix possible null dereference in xmlXPathIdFunction (zhouzhongyuan), + fix memory leak in xmlAllocOutputBuffer (zhouzhongyuan), + Fix unsigned int overflow (Jens Eggerstedt), + dict.h: gcc 2.95 doesn't allow multiple storage classes (Nick Wellnhofer), + Fix another code path in xmlParseQName (Nick Wellnhofer), + Make sure that xmlParseQName returns NULL in error case (Nick Wellnhofer), + Fix build without reader but with pattern (Nick Wellnhofer), + Fix memory leak in xmlAllocOutputBufferInternal error path (Nick Wellnhofer), + Fix unsigned integer overflow (Nick Wellnhofer), + Fix return value of xmlOutputBufferWrite (Nick Wellnhofer), + Fix parser termination from "Double hyphen within comment" error (David Warring), + Fix call stack overflow in xmlFreePattern (Nick Wellnhofer), + Fix null deref in previous commit (Nick Wellnhofer), + Fix memory leaks in xmlXPathParseNameComplex error paths (Nick Wellnhofer), + Check for integer overflow in xmlXPtrEvalChildSeq (Nick Wellnhofer), + Fix xmllint dump of XPath namespace nodes (Nick Wellnhofer), + Fix float casts in xmlXPathSubstringFunction (Nick Wellnhofer), + Fix null deref in xmlregexp error path (Nick Wellnhofer), + Fix null pointer dereference in xmlTextReaderReadOuterXml (Nick Wellnhofer), + Fix memory leaks in xmlParseStartTag2 error paths (Nick Wellnhofer), + Fix memory leak in xmlSAX2StartElement (Nick Wellnhofer), + Fix commit "Memory leak in xmlFreeID (xmlreader.c)" (Nick Wellnhofer), + Fix NULL pointer deref in xmlTextReaderValidateEntity (Nick Wellnhofer), + Memory leak in xmlFreeTextReader (Nick Wellnhofer), + Memory leak in xmlFreeID (xmlreader.c) (Nick Wellnhofer) + + - Improvements: + Run XML conformance tests under CI (Nick Wellnhofer), + Update GitLab CI config (Nick Wellnhofer), + Propagate memory errors in valuePush (Nick Wellnhofer), + Propagate memory errors in xmlXPathCompExprAdd (Nick Wellnhofer), + Make xmlFreeDocElementContent non-recursive (Nick Wellnhofer), + Enable continuous integration via GitLab CI (Nick Wellnhofer), + Avoid ignored attribute warnings under GCC (Nick Wellnhofer), + Make xmlDumpElementContent non-recursive (Nick Wellnhofer), + Make apibuild.py ignore ATTRIBUTE_NO_SANITIZE (Nick Wellnhofer), + Mark xmlExp* symbols as removed (Nick Wellnhofer), + Make xmlParseConditionalSections non-recursive (Nick Wellnhofer), + Adjust expected error in Python tests (Nick Wellnhofer), + Make xmlTextReaderFreeNodeList non-recursive (Nick Wellnhofer), + Make xmlFreeNodeList non-recursive (Nick Wellnhofer), + Make xmlParseContent and xmlParseElement non-recursive (Nick Wellnhofer), + Remove executable bit from non-executable files (Nick Wellnhofer), + Fix expected output of test/schemas/any4 (Nick Wellnhofer), + Optimize build instructions in README (zhouzhongyuan), + xml2-config.in: Output CFLAGS and LIBS on the same line (Hugh McMaster), + xml2-config: Add a --dynamic switch to print only shared libraries (Hugh McMaster), + Annotate functions with __attribute__((no_sanitize)) (Nick Wellnhofer), + Fix warnings when compiling without reader or push parser (Nick Wellnhofer), + Remove unused member `doc` in xmlSaveCtxt (Nick Wellnhofer), + Limit recursion depth in xmlXPathCompOpEvalPredicate (Nick Wellnhofer), + Remove -Wno-array-bounds (Nick Wellnhofer), + Remove unreachable code in xmlXPathCountFunction (Nick Wellnhofer), + Improve XPath predicate and filter evaluation (Nick Wellnhofer), + Limit recursion depth in xmlXPathOptimizeExpression (Nick Wellnhofer), + Disable hash randomization when fuzzing (Nick Wellnhofer), + Optional recursion limit when parsing XPath expressions (Nick Wellnhofer), + Optional recursion limit when evaluating XPath expressions (Nick Wellnhofer), + Use break statements in xmlXPathCompOpEval (Nick Wellnhofer), + Optional XPath operation limit (Nick Wellnhofer), + Fix compilation with --with-minimum (Nick Wellnhofer), + Check XPath stack after calling functions (Nick Wellnhofer), + Remove debug printf in xmlreader.c (Nick Wellnhofer), + Always define LIBXML_THREAD_ENABLED when enabled (Michael Haubenwallner), + Regenerate NEWS (Nick Wellnhofer), + Change git repo URL (Nick Wellnhofer), + Change bug tracker URL (Nick Wellnhofer), + Remove outdated HTML file (Nick Wellnhofer), + Fix unused function warning in testapi.c (Nick Wellnhofer), + Add some generated test files to .gitignore (Nick Wellnhofer), + Remove unneeded function pointer casts (Nick Wellnhofer), + Fix -Wcast-function-type warnings (GCC 8) (Nick Wellnhofer), + Fix -Wformat-truncation warnings (GCC 8) (Nick Wellnhofer) + + - Cleanups: + Rebuild docs (Nick Wellnhofer), + Disable xmlExp regex code (Nick Wellnhofer), + Remove redundant code in xmlRelaxNGValidateState (Nick Wellnhofer), + Remove redundant code in xmlXPathCompRelationalExpr (Nick Wellnhofer) + + + +v2.9.9: Jan 03 2019: + - Security: + CVE-2018-9251 CVE-2018-14567 Fix infinite loop in LZMA decompression (Nick Wellnhofer), + CVE-2018-14404 Fix nullptr deref with XPath logic ops (Nick Wellnhofer), + + - Documentation: + reader: Fix documentation comment (Mohammed Sadiq) + + - Portability: + Fix MSVC build with lzma (Nick Wellnhofer), + Variables need 'extern' in static lib on Cygwin (Michael Haubenwallner), + Really declare dllexport/dllimport for Cygwin (Michael Haubenwallner), + Merge branch 'patch-2' into 'master' (Nick Wellnhofer), + Change dir to $THEDIR after ACLOCAL_PATH check autoreconf creates aclocal.m4 in $srcdir (Vitaly Buka), + Improve error message if pkg.m4 couldn't be found (Nick Wellnhofer), + NaN and Inf fixes for pre-C99 compilers (Nick Wellnhofer) + + - Bug Fixes: + Revert "Support xmlTextReaderNextSibling w/o preparsed doc" (Nick Wellnhofer), + Fix building relative URIs (Thomas Holder), + Problem with data in interleave in RelaxNG validation (Nikolai Weibull), + Fix memory leak in xmlSwitchInputEncodingInt error path (Nick Wellnhofer), + Set doc on element obtained from freeElems (Nick Wellnhofer), + Fix HTML serialization with UTF-8 encoding (Nick Wellnhofer), + Use actual doc in xmlTextReaderRead*Xml (Nick Wellnhofer), + Unlink node before freeing it in xmlSAX2StartElement (Nick Wellnhofer), + Check return value of nodePush in xmlSAX2StartElement (Nick Wellnhofer), + Free input buffer in xmlHaltParser (Nick Wellnhofer), + Reset HTML parser input pointers on encoding failure (Nick Wellnhofer), + Don't run icu_parse_test if EUC-JP is unsupported (Nick Wellnhofer), + Fix xmlSchemaValidCtxtPtr reuse memory leak (Greg Hildstrom), + Fix xmlTextReaderNext with preparsed document (Felix Bünemann), + Remove stray character from comment (Nick Wellnhofer), + Remove a misleading line from xmlCharEncOutput (Andrey Bienkowski), + HTML noscript should not close p (Daniel Veillard), + Don't change context node in xmlXPathRoot (Nick Wellnhofer), + Stop using XPATH_OP_RESET (Nick Wellnhofer), + Revert "Change calls to xmlCharEncInput to set flush false" (Nick Wellnhofer) + + - Improvements: + Fix "Problem with data in interleave in RelaxNG validation" (Nikolai Weibull), + cleanup: remove some unreachable code (Thomas Holder), + add --relative to testURI (Thomas Holder), + Remove redefined starts and defines inside include elements (Nikolai Weibull), + Allow choice within choice in nameClass in RELAX NG (Nikolai Weibull), + Look inside divs for starts and defines inside include (Nikolai Weibull), + Add compile and libxml2-config.cmake to .gitignore (Nikolai Weibull), + Stop using doc->charset outside parser code (Nick Wellnhofer), + Add newlines to 'xmllint --xpath' output (Nick Wellnhofer), + Don't include SAX.h from globals.h (Nick Wellnhofer), + Support xmlTextReaderNextSibling w/o preparsed doc (Felix Bünemann), + Don't instruct user to run make when autogen.sh failed (林博仁(Buo-ren Lin)), + Run Travis ASan tests with "sudo: required" (Nick Wellnhofer), + Improve restoring of context size and position (Nick Wellnhofer), + Simplify and harden nodeset filtering (Nick Wellnhofer), + Avoid unnecessary backups of the context node (Nick Wellnhofer), + Fix inconsistency in xmlXPathIsInf (Nick Wellnhofer) + + - Cleanups: + + + +v2.9.8: Mar 05 2018: + - Portability: + python: remove single use of _PyVerify_fd (Patrick Welche), + Build more test executables on Windows/MSVC (Nick Wellnhofer), + Stop including ansidecl.h (Nick Wellnhofer), + Fix libz and liblzma detection (Nick Wellnhofer), + Revert "Compile testapi with -Wno-unused-function" (Nick Wellnhofer) + + - Bug Fixes: + Fix xmlParserEntityCheck (Nick Wellnhofer), + Halt parser in case of encoding error (Nick Wellnhofer), + Clear entity content in case of errors (Nick Wellnhofer), + Change calls to xmlCharEncInput to set flush false when not final call. Having flush incorrectly set to true causes errors for ICU. (Joel Hockey), + Fix buffer over-read in xmlParseNCNameComplex (Nick Wellnhofer), + Fix ICU library filenames on Windows/MSVC (Nick Wellnhofer), + Fix xmlXPathIsNaN broken by recent commit (Nick Wellnhofer), + Fix -Wenum-compare warnings (Nick Wellnhofer), + Fix callback signature in testapi.c (Nick Wellnhofer), + Fix unused parameter warning without ICU (Nick Wellnhofer), + Fix IO callback signatures (Nick Wellnhofer), + Fix misc callback signatures (Nick Wellnhofer), + Fix list callback signatures (Nick Wellnhofer), + Fix hash callback signatures (Nick Wellnhofer), + Refactor name and type signature for xmlNop (Vlad Tsyrklevich), + Fixed ICU to set flush correctly and provide pivot buffer. (Joel Hockey), + Skip EBCDIC tests if EBCDIC isn't supported (Nick Wellnhofer) + + - Improvements: + Disable pointer-overflow UBSan checks under Travis (Nick Wellnhofer), + Improve handling of context input_id (Daniel Veillard), + Add resource file to Windows DLL (ccpaging), + Run Travis tests with -Werror (Nick Wellnhofer), + Build with "-Wall -Wextra" (Nick Wellnhofer), + Fix -Wtautological-pointer-compare warnings (Nick Wellnhofer), + Remove unused AC_CHECKs (Nick Wellnhofer), + Update information about contributing (Nick Wellnhofer), + Fix -Wmisleading-indentation warnings (Nick Wellnhofer), + Don't touch CFLAGS in configure.ac (Nick Wellnhofer), + Ignore function pointer cast warnings (Nick Wellnhofer), + Simplify XPath NaN, inf and -0 handling (Nick Wellnhofer), + Introduce xmlPosixStrdup and update xmlMemStrdup (Nick Wellnhofer), + Add test for ICU flush and pivot buffer (Nick Wellnhofer), + Compile testapi with -Wno-unused-function (Nick Wellnhofer) + + + +2.9.7: Nov 02 2017: + - Documentation: + xmlcatalog: refresh man page wrt. querying system catalog easily (Jan Pokorný) + + - Portability: + Fix deprecated Travis compiler flag (Nick Wellnhofer), + Add declaration for DllMain (J. Peter Mugaas), + Fix preprocessor conditional in threads.h (J. Peter Mugaas), + Fix pointer comparison warnings on 64-bit Windows (J. Peter Mugaas), + Fix macro redefinition warning (J. Peter Mugaas), + Default to native threads on MinGW-w64 (Nick Wellnhofer), + Simplify Windows IO functions (Nick Wellnhofer), + Fix runtest on Windows (Nick Wellnhofer), + socklen_t is always int on Windows (Nick Wellnhofer), + Don't redefine socket error codes on Windows (Nick Wellnhofer), + Fix pointer/int cast warnings on 64-bit Windows (Nick Wellnhofer), + Fix Windows compiler warnings in xmlCanonicPath (Nick Wellnhofer) + + - Bug Fixes: + xmlcatalog: restore ability to query system catalog easily (Jan Pokorný), + Fix comparison of nodesets to strings (Nick Wellnhofer) + + - Improvements: + Add Makefile rules to rebuild HTML man pages (Nick Wellnhofer), + Fix mixed decls and code in timsort.h (Nick Wellnhofer), + Rework handling of return values in thread tests (Nick Wellnhofer), + Fix unused variable warnings in testrecurse (Nick Wellnhofer), + Fix -Wimplicit-fallthrough warnings (J. Peter Mugaas), + Upgrade timsort.h to latest revision (Nick Wellnhofer), + Increase warning level to /W3 under MSVC (Nick Wellnhofer), + Fix a couple of warnings in dict.c and threads.c (Nick Wellnhofer), + Update .gitignore for Windows (Nick Wellnhofer), + Fix unused variable warnings in nanohttp.c (Nick Wellnhofer), + Fix the Windows header mess (Nick Wellnhofer), + Don't include winsock2.h in xmllint.c (Nick Wellnhofer), + Remove generated file python/setup.py from version control (Nick Wellnhofer), + Use __linux__ macro in generated code (Nick Wellnhofer) + + + +v2.9.6: Oct 06 2017: + - Portability: + Change preprocessor OS tests to __linux__ (Nick Wellnhofer) + + - Bug Fixes: + Fix XPath stack frame logic (Nick Wellnhofer), + Report undefined XPath variable error message (Nick Wellnhofer), + Fix regression with librsvg (Nick Wellnhofer), + Handle more invalid entity values in recovery mode (Nick Wellnhofer), + Fix structured validation errors (Nick Wellnhofer), + Fix memory leak in LZMA decompressor (Nick Wellnhofer), + Set memory limit for LZMA decompression (Nick Wellnhofer), + Handle illegal entity values in recovery mode (Nick Wellnhofer), + Fix debug dump of streaming XPath expressions (Nick Wellnhofer), + Fix memory leak in nanoftp (Nick Wellnhofer), + Fix memory leaks in SAX1 parser (Nick Wellnhofer) + + + +v2.9.5: Sep 04 2017: + - Security: + Detect infinite recursion in parameter entities (Nick Wellnhofer), + Fix handling of parameter-entity references (Nick Wellnhofer), + Disallow namespace nodes in XPointer ranges (Nick Wellnhofer), + Fix XPointer paths beginning with range-to (Nick Wellnhofer) + + - Documentation: + Documentation fixes (Nick Wellnhofer), + Spelling and grammar fixes (Nick Wellnhofer) + + - Portability: + Adding README.zOS to list of extra files for the release (Daniel Veillard), + Description of work needed to compile on zOS (Stéphane Michaut), + Porting libxml2 on zOS encoding of code (Stéphane Michaut), + small changes for OS/400 (Patrick Monnerat), + relaxng.c, xmlschemas.c: Fix build on pre-C99 compilers (Chun-wei Fan) + + - Bug Fixes: + Problem resolving relative URIs (Daniel Veillard), + Fix unwanted warnings when switching encodings (Nick Wellnhofer), + Fix signature of xmlSchemaAugmentImportedIDC (Daniel Veillard), + Heap-buffer-overflow read of size 1 in xmlFAParsePosCharGroup (David Kilzer), + Fix NULL pointer deref in xmlFAParseCharClassEsc (Nick Wellnhofer), + Fix infinite loops with push parser in recovery mode (Nick Wellnhofer), + Send xmllint usage error to stderr (Nick Wellnhofer), + Fix NULL deref in xmlParseExternalEntityPrivate (Nick Wellnhofer), + Make sure not to call IS_BLANK_CH when parsing the DTD (Nick Wellnhofer), + Fix xmlHaltParser (Nick Wellnhofer), + Fix pathological performance when outputting charrefs (Nick Wellnhofer), + Fix invalid-source-encoding warnings in testWriter.c (Nick Wellnhofer), + Fix duplicate SAX callbacks for entity content (David Kilzer), + Treat URIs with scheme as absolute in C14N (Nick Wellnhofer), + Fix copy-paste errors in error messages (Nick Wellnhofer), + Fix sanity check in htmlParseNameComplex (Nick Wellnhofer), + Fix potential infinite loop in xmlStringLenDecodeEntities (Nick Wellnhofer), + Reset parser input pointers on encoding failure (Nick Wellnhofer), + Fix memory leak in xmlParseEntityDecl error path (Nick Wellnhofer), + Fix xmlBuildRelativeURI for URIs starting with './' (Nick Wellnhofer), + Fix type confusion in xmlValidateOneNamespace (Nick Wellnhofer), + Fix memory leak in xmlStringLenGetNodeList (Nick Wellnhofer), + Fix NULL pointer deref in xmlDumpElementContent (Daniel Veillard), + Fix memory leak in xmlBufAttrSerializeTxtContent (Nick Wellnhofer), + Stop parser on unsupported encodings (Nick Wellnhofer), + Check for integer overflow in memory debug code (Nick Wellnhofer), + Fix buffer size checks in xmlSnprintfElementContent (Nick Wellnhofer), + Avoid reparsing in xmlParseStartTag2 (Nick Wellnhofer), + Fix undefined behavior in xmlRegExecPushStringInternal (Nick Wellnhofer), + Check XPath exponents for overflow (Nick Wellnhofer), + Check for overflow in xmlXPathIsPositionalPredicate (Nick Wellnhofer), + Fix spurious error message (Nick Wellnhofer), + Fix memory leak in xmlCanonicPath (Nick Wellnhofer), + Fix memory leak in xmlXPathCompareNodeSetValue (Nick Wellnhofer), + Fix memory leak in pattern error path (Nick Wellnhofer), + Fix memory leak in parser error path (Nick Wellnhofer), + Fix memory leaks in XPointer error paths (Nick Wellnhofer), + Fix memory leak in xmlXPathNodeSetMergeAndClear (Nick Wellnhofer), + Fix memory leak in XPath filter optimizations (Nick Wellnhofer), + Fix memory leaks in XPath error paths (Nick Wellnhofer), + Do not leak the new CData node if adding fails (David Tardon), + Prevent unwanted external entity reference (Neel Mehta), + Increase buffer space for port in HTTP redirect support (Daniel Veillard), + Fix more NULL pointer derefs in xpointer.c (Nick Wellnhofer), + Avoid function/data pointer conversion in xpath.c (Nick Wellnhofer), + Fix format string warnings (Nick Wellnhofer), + Disallow namespace nodes in XPointer points (Nick Wellnhofer), + Fix comparison with root node in xmlXPathCmpNodes (Nick Wellnhofer), + Fix attribute decoding during XML schema validation (Alex Henrie), + Fix NULL pointer deref in XPointer range-to (Nick Wellnhofer) + + - Improvements: + Updating the spec file to reflect Fedora 24 (Daniel Veillard), + Add const in five places to move 1 KiB to .rdata (Bruce Dawson), + Fix missing part of comment for function xmlXPathEvalExpression() (Daniel Veillard), + Get rid of "blanks wrapper" for parameter entities (Nick Wellnhofer), + Simplify handling of parameter entity references (Nick Wellnhofer), + Deduplicate code in encoding.c (Nick Wellnhofer), + Make HTML parser functions take const pointers (Nick Wellnhofer), + Build test programs only when needed (Nick Wellnhofer), + Fix doc/examples/index.py (Nick Wellnhofer), + Fix compiler warnings in threads.c (Nick Wellnhofer), + Fix empty-body warning in nanohttp.c (Nick Wellnhofer), + Fix cast-align warnings (Nick Wellnhofer), + Fix unused-parameter warnings (Nick Wellnhofer), + Rework entity boundary checks (Nick Wellnhofer), + Don't switch encoding for internal parameter entities (Nick Wellnhofer), + Merge duplicate code paths handling PE references (Nick Wellnhofer), + Test SAX2 callbacks with entity substitution (Nick Wellnhofer), + Support catalog and threads tests under --without-sax1 (Nick Wellnhofer), + Misc fixes for 'make tests' (Nick Wellnhofer), + Initialize keepBlanks in HTML parser (Nick Wellnhofer), + Add test cases for bug 758518 (David Kilzer), + Fix compiler warning in htmlParseElementInternal (Nick Wellnhofer), + Remove useless check in xmlParseAttributeListDecl (Nick Wellnhofer), + Allow zero sized memory input buffers (Nick Wellnhofer), + Add TODO comment in xmlSwitchEncoding (Nick Wellnhofer), + Check for integer overflow in xmlXPathFormatNumber (Nick Wellnhofer), + Make Travis print UBSan stacktraces (Nick Wellnhofer), + Add .travis.yml (Nick Wellnhofer), + Fix expected error output in Python tests (Nick Wellnhofer), + Simplify control flow in xmlParseStartTag2 (Nick Wellnhofer), + Disable LeakSanitizer when running API tests (Nick Wellnhofer), + Avoid out-of-bound array access in API tests (Nick Wellnhofer), + Avoid spurious UBSan errors in parser.c (Nick Wellnhofer), + Parse small XPath numbers more accurately (Nick Wellnhofer), + Rework XPath rounding functions (Nick Wellnhofer), + Fix white space in test output (Nick Wellnhofer), + Fix axis traversal from attribute and namespace nodes (Nick Wellnhofer), + Check for trailing characters in XPath expressions earlier (Nick Wellnhofer), + Rework final handling of XPath results (Nick Wellnhofer), + Make xmlXPathEvalExpression call xmlXPathEval (Nick Wellnhofer), + Remove unused variables (Nick Wellnhofer), + Don't print generic error messages in XPath tests (Nick Wellnhofer) + + - Cleanups: + Fix a couple of misleading indentation errors (Daniel Veillard), + Remove unnecessary calls to xmlPopInput (Nick Wellnhofer) + + + +2.9.4: May 23 2016: + - Security: + More format string warnings with possible format string vulnerability (David Kilzer), + Avoid building recursive entities (Daniel Veillard), + Heap-based buffer overread in htmlCurrentChar (Pranjal Jumde), + Heap-based buffer-underreads due to xmlParseName (David Kilzer), + Heap use-after-free in xmlSAX2AttributeNs (Pranjal Jumde), + Heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral (Pranjal Jumde), + Fix some format string warnings with possible format string vulnerability (David Kilzer), + Detect change of encoding when parsing HTML names (Hugh Davenport), + Fix inappropriate fetch of entities content (Daniel Veillard), + Bug 759398: Heap use-after-free in xmlDictComputeFastKey (Pranjal Jumde), + Bug 758605: Heap-based buffer overread in xmlDictAddString (Pranjal Jumde), + Bug 758588: Heap-based buffer overread in xmlParserPrintFileContextInternal (David Kilzer), + Bug 757711: heap-buffer-overflow in xmlFAParsePosCharGroup (Pranjal Jumde), + Add missing increments of recursion depth counter to XML parser. (Peter Simons) + + - Documentation: + Fix typo: s{ ec -> cr }cipt (Jan Pokorný), + Fix typos: dictio{ nn -> n }ar{y,ies} (Jan Pokorný), + Fix typos: PATH_{ SEAPARATOR -> SEPARATOR } (Jan Pokorný), + Correct a typo. (Shlomi Fish) + + - Portability: + Correct the usage of LDFLAGS (Mattias Hansson), + Revert the use of SAVE_LDFLAGS in configure.ac (Mattias Hansson), + libxml2 hardcodes -L/lib in zlib/lzma tests which breaks cross-compiles (Mike Frysinger), + Fix apibuild for a recently added construct (Daniel Veillard), + Use pkg-config to locate zlib when possible (Stewart Brodie), + Use pkg-config to locate ICU when possible (Stewart Brodie), + Portability to non C99 compliant compilers (Patrick Monnerat), + dict.h: Move xmlDictPtr definition before includes to allow direct inclusion. (Patrick Monnerat), + os400: tell about xmllint and xmlcatalog in README400. (Patrick Monnerat), + os400: properly process SGML add in XMLCATALOG command. (Patrick Monnerat), + os400: implement CL command XMLCATALOG. (Patrick Monnerat), + os400: compile and install program xmlcatalog (qshell-only). (Patrick Monnerat), + os400: expand tabs in sources, strip trailing blanks. (Patrick Monnerat), + os400: implement CL command XMLLINT. (Patrick Monnerat), + os400: compile and install program xmllint (qshell-only). (Patrick Monnerat), + os400: initscript make_module(): Use options instead of positional parameters. (Patrick Monnerat), + os400: c14n.rpgle: allow *omit for nullable reference parameters. (Patrick Monnerat), + os400: use like() for double type. (Patrick Monnerat), + os400: use like() for int type. (Patrick Monnerat), + os400: use like() for unsigned int type. (Patrick Monnerat), + os400: use like() for enum types. (Patrick Monnerat), + Add xz to xml2-config --libs output (Baruch Siach), + Bug 760190: configure.ac should be able to build --with-icu without icu-config tool (David Kilzer), + win32\VC10\config.h and VS 2015 (Bruce Dawson), + Add configure maintainer mode (orzen) + + - Bug Fixes: + Avoid an out of bound access when serializing malformed strings (Daniel Veillard), + Unsigned addition may overflow in xmlMallocAtomicLoc() (David Kilzer), + Integer signed/unsigned type mismatch in xmlParserInputGrow() (David Kilzer), + Bug 763071: heap-buffer-overflow in xmlStrncat (Pranjal Jumde), + Integer overflow parsing port number in URI (Michael Paddon), + Fix an error with regexp on nullable counted char transition (Daniel Veillard), + Fix memory leak with XPath namespace nodes (Nick Wellnhofer), + Fix namespace axis traversal (Nick Wellnhofer), + Fix null pointer deref in docs with no root element (Hugh Davenport), + Fix XSD validation of URIs with ampersands (Alex Henrie), + xmlschemastypes.c: accept endOfDayFrag Times set to "24:00:00" mean "end of day" and should not cause an error. (Patrick Monnerat), + xmlcatalog: flush stdout before interactive shell input. (Patrick Monnerat), + xmllint: flush stdout before interactive shell input. (Patrick Monnerat), + Don't recurse into OP_VALUEs in xmlXPathOptimizeExpression (Nick Wellnhofer), + Fix namespace::node() XPath expression (Nick Wellnhofer), + Fix OOB write in xmlXPathEmptyNodeSet (Nick Wellnhofer), + Fix parsing of NCNames in XPath (Nick Wellnhofer), + Fix OOB read with invalid UTF-8 in xmlUTF8Strsize (Nick Wellnhofer), + Do normalize string-based datatype value in RelaxNG facet checking (Audric Schiltknecht), + Bug 760921: REGRESSION (8eb55d78): doc/examples/io1 test fails after fix for "xmlSaveUri() incorrectly recomposes URIs with rootless paths" (David Kilzer), + Bug 760861: REGRESSION (bf9c1dad): Missing results for test/schemas/regexp-char-ref_[01].xsd (David Kilzer), + error.c: *input->cur == 0 does not mean no error (Pavel Raiskup), + Add missing RNG test files (David Kilzer), + Bug 760183: REGRESSION (v2.9.3): XML push parser fails with bogus UTF-8 encoding error when multi-byte character in large CDATA section is split across buffer (David Kilzer), + Bug 758572: ASAN crash in make check (David Kilzer), + Bug 721158: Missing ICU string when doing --version on xmllint (David Kilzer), + python 3: libxml2.c wrappers create Unicode str already (Michael Stahl), + Add autogen.sh to distrib (orzen), + Heap-based buffer overread in xmlNextChar (Daniel Veillard) + + - Improvements: + Add more debugging info to runtest (Daniel Veillard), + Implement "runtest -u" mode (David Kilzer), + Add a make rule to rebuild for ASAN (Daniel Veillard) + + + +v2.9.3: Nov 20 2015: + - Security: + CVE-2015-8242 Buffer overead with HTML parser in push mode (Hugh Davenport), + CVE-2015-7500 Fix memory access error due to incorrect entities boundaries (Daniel Veillard), + CVE-2015-7499-2 Detect incoherency on GROW (Daniel Veillard), + CVE-2015-7499-1 Add xmlHaltParser() to stop the parser (Daniel Veillard), + CVE-2015-5312 Another entity expansion issue (David Drysdale), + CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey (David Drysdale), + CVE-2015-7498 Avoid processing entities after encoding conversion failures (Daniel Veillard), + CVE-2015-8035 Fix XZ compression support loop (Daniel Veillard), + CVE-2015-7942-2 Fix an error in previous Conditional section patch (Daniel Veillard), + CVE-2015-7942 Another variation of overflow in Conditional sections (Daniel Veillard), + CVE-2015-1819 Enforce the reader to run in constant memory (Daniel Veillard) + CVE-2015-7941_2 Cleanup conditional section error handling (Daniel Veillard), + CVE-2015-7941_1 Stop parsing on entities boundaries errors (Daniel Veillard), + + - Documentation: + Correct spelling of "calling" (Alex Henrie), + Fix a small error in xmllint --format description (Fabien Degomme), + Avoid XSS on the search of xmlsoft.org (Daniel Veillard) + + - Portability: + threads: use forward declarations only for glibc (Michael Heimpold), + Update Win32 configure.js to search for configure.ac (Daniel Veillard) + + - Bug Fixes: + Bug on creating new stream from entity (Daniel Veillard), + Fix some loop issues embedding NEXT (Daniel Veillard), + Do not print error context when there is none (Daniel Veillard), + Avoid extra processing of MarkupDecl when EOF (Hugh Davenport), + Fix parsing short unclosed comment uninitialized access (Daniel Veillard), + Add missing Null check in xmlParseExternalEntityPrivate (Gaurav Gupta), + Fix a bug in CData error handling in the push parser (Daniel Veillard), + Fix a bug on name parsing at the end of current input buffer (Daniel Veillard), + Fix the spurious ID already defined error (Daniel Veillard), + Fix previous change to node sort order (Nick Wellnhofer), + Fix a self assignment issue raised by clang (Scott Graham), + Fail parsing early on if encoding conversion failed (Daniel Veillard), + Do not process encoding values if the declaration if broken (Daniel Veillard), + Silence clang's -Wunknown-attribute (Michael Catanzaro), + xmlMemUsed is not thread-safe (Martin von Gagern), + Fix support for except in nameclasses (Daniel Veillard), + Fix order of root nodes (Nick Wellnhofer), + Allow attributes on descendant-or-self axis (Nick Wellnhofer), + Fix the fix to Windows locking (Steve Nairn), + Fix timsort invariant loop re: Envisage article (Christopher Swenson), + Don't add IDs in xmlSetTreeDoc (Nick Wellnhofer), + Account for ID attributes in xmlSetTreeDoc (Nick Wellnhofer), + Remove various unused value assignments (Philip Withnall), + Fix missing entities after CVE-2014-3660 fix (Daniel Veillard), + Revert "Missing initialization for the catalog module" (Daniel Veillard) + + - Improvements: + Reuse xmlHaltParser() where it makes sense (Daniel Veillard), + xmlStopParser reset errNo (Daniel Veillard), + Re-enable xz support by default (Daniel Veillard), + Recover unescaped less-than character in HTML recovery parsing (Daniel Veillard), + Allow HTML serializer to output HTML5 DOCTYPE (Shaun McCance), + Regression test for bug #695699 (Nick Wellnhofer), + Add a couple of XPath tests (Nick Wellnhofer), + Add Python 3 rpm subpackage (Tomas Radej), + libxml2-config.cmake.in: update include directories (Samuel Martin), + Adding example from bugs 738805 to regression tests (Daniel Veillard) + + - Cleanups: + + + +2.9.2: Oct 16 2014: + - Security: + Fix for CVE-2014-3660 billion laugh variant (Daniel Veillard), + CVE-2014-0191 Do not fetch external parameter entities (Daniel Veillard) + + - Bug Fixes: + fix memory leak xml header encoding field with XML_PARSE_IGNORE_ENC (Bart De Schuymer), + xmlmemory: handle realloc properly (Yegor Yefremov), + Python generator bug raised by the const change (Daniel Veillard), + Windows Critical sections not released correctly (Daniel Veillard), + Parser error on repeated recursive entity expansion containing < (Daniel Veillard), + xpointer : fixing Null Pointers (Gaurav Gupta), + Remove Unnecessary Null check in xpointer.c (Gaurav Gupta), + parser bug on misformed namespace attributes (Dennis Filder), + Pointer dereferenced before null check (Daniel Veillard), + Leak of struct addrinfo in xmlNanoFTPConnect() (Gaurav Gupta), + Possible overflow in HTMLParser.c (Daniel Veillard), + python/tests/sync.py assumes Python dictionaries are ordered (John Beck), + Fix Enum check and missing break (Gaurav Gupta), + xmlIO: Handle error returns from dup() (Philip Withnall), + Fix a problem properly saving URIs (Daniel Veillard), + wrong error column in structured error when parsing attribute values (Juergen Keil), + wrong error column in structured error when skipping whitespace in xml decl (Juergen Keil), + no error column in structured error handler for xml schema validation errors (Juergen Keil), + Couple of Missing Null checks (Gaurav Gupta), + Add couple of missing Null checks (Daniel Veillard), + xmlschemastypes: Fix potential array overflow (Philip Withnall), + runtest: Fix a memory leak on parse failure (Philip Withnall), + xmlIO: Fix an FD leak on gzdopen() failure (Philip Withnall), + xmlcatalog: Fix a memory leak on quit (Philip Withnall), + HTMLparser: Correctly initialise a stack allocated structure (Philip Withnall), + Check for tmon in _xmlSchemaDateAdd() is incorrect (David Kilzer), + Avoid Possible Null Pointer in trio.c (Gaurav Gupta), + Fix processing in SAX2 in case of an allocation failure (Daniel Veillard), + XML Shell command "cd" does not handle "/" at end of path (Daniel Veillard), + Fix various Missing Null checks (Gaurav Gupta), + Fix a potential NULL dereference (Daniel Veillard), + Add a couple of misisng check in xmlRelaxNGCleanupTree (Gaurav Gupta), + Add a missing argument check (Gaurav Gupta), + Adding a check in case of allocation error (Gaurav Gupta), + xmlSaveUri() incorrectly recomposes URIs with rootless paths (Dennis Filder), + Adding some missing NULL checks (Gaurav), + Fixes for xmlInitParserCtxt (Daniel Veillard), + Fix regressions introduced by CVE-2014-0191 patch (Daniel Veillard), + erroneously ignores a validation error if no error callback set (Daniel Veillard), + xmllint was not parsing the --c14n11 flag (Sérgio Batista), + Avoid Possible null pointer dereference in memory debug mode (Gaurav), + Avoid Double Null Check (Gaurav), + Restore context size and position after XPATH_OP_ARG (Nick Wellnhofer), + Fix xmlParseInNodeContext() if node is not element (Daniel Veillard), + Avoid a possible NULL pointer dereference (Gaurav), + Fix xmlTextWriterWriteElement when a null content is given (Daniel Veillard), + Fix an typo 'onrest' in htmlScriptAttributes (Daniel Veillard), + fixing a ptotential uninitialized access (Daniel Veillard), + Fix an fd leak in an error case (Daniel Veillard), + Missing initialization for the catalog module (Daniel Veillard), + Handling of XPath function arguments in error case (Nick Wellnhofer), + Fix a couple of missing NULL checks (Gaurav), + Avoid a possibility of dangling encoding handler (Gaurav), + Fix HTML push parser to accept HTML_PARSE_NODEFDTD (Arnold Hendriks), + Fix a bug loading some compressed files (Mike Alexander), + Fix XPath node comparison bug (Gaurav), + Type mismatch in xmlschemas.c (Gaurav), + Type mismatch in xmlschemastypes.c (Gaurav), + Avoid a deadcode in catalog.c (Daniel Veillard), + run close socket on Solaris, same as we do on other platforms (Denis Pauk), + Fix pointer dereferenced before null check (Gaurav), + Fix a potential NULL dereference in tree code (Daniel Veillard), + Fix potential NULL pointer dereferences in regexp code (Gaurav), + xmllint --pretty crashed without following numeric argument (Tim Galeckas), + Fix XPath expressions of the form '@ns:*' (Nick Wellnhofer), + Fix XPath '//' optimization with predicates (Nick Wellnhofer), + Clear up a potential NULL dereference (Daniel Veillard), + Fix a possible NULL dereference (Gaurav), + Avoid crash if allocation fails (Daniel Veillard), + Remove occasional leading space in XPath number formatting (Daniel Veillard), + Fix handling of mmap errors (Daniel Veillard), + Catch malloc error and exit accordingly (Daniel Veillard), + missing else in xlink.c (Ami Fischman), + Fix a parsing bug on non-ascii element and CR/LF usage (Daniel Veillard), + Fix a regression in xmlGetDocCompressMode() (Daniel Veillard), + properly quote the namespace uris written out during c14n (Aleksey Sanin), + Remove premature XInclude check on URI being relative (Alexey Neyman), + Fix missing break on last() function for attributes (dcb), + Do not URI escape in server side includes (Romain Bondue), + Fix an error in xmlCleanupParser (Alexander Pastukhov) + + - Documentation: + typo in error messages "colon are forbidden from..." (Daniel Veillard), + Fix a link to James SAX documentation old page (Daniel Veillard), + Fix typos in relaxng.c (Jan Pokorný), + Fix a doc typo (Daniel Veillard), + Fix typos in {tree,xpath}.c (errror) (Jan Pokorný), + Add limitations about encoding conversion (Daniel Veillard), + Fix typos in xmlschemas{,types}.c (Jan Pokorný), + Fix incorrect spelling entites->entities (Jan Pokorný), + Forgot to document 2.9.1 release, regenerate docs (Daniel Veillard) + + - Portability: + AC_CONFIG_FILES and executable bit (Roumen Petrov), + remove HAVE_CONFIG_H dependency in testlimits.c (Roumen Petrov), + fix some tabs mixing incompatible with python3 (Roumen Petrov), + Visual Studio 14 CTP defines snprintf() (Francis Dupont), + OS400: do not try to copy unexisting doc files (Patrick Monnerat), + OS400: use either configure.ac or configure.in. (Patrick Monnerat), + os400: make-src.sh: create physical file with target CCSID (Patrick Monnerat), + OS400: Add some more C macros equivalent procedures. (Patrick Monnerat), + OS400: use C macros to implement equivalent RPG support procedures. (Patrick Monnerat), + OS400: implement XPath macros as procedures for ILE/RPG support. (Patrick Monnerat), + OS400: include in distribution tarball. (Patrick Monnerat), + OS400: Add README: compilation directives and OS/400 specific stuff. (Patrick Monnerat), + OS400: Add compilation scripts. (Patrick Monnerat), + OS400: ILE RPG language header files. (Patrick Monnerat), + OS400: implement some macros as functions for ILE/RPG language support (that as no macros). (Patrick Monnerat), + OS400: UTF8<-->EBCDIC wrappers for system and external library calls (Patrick Monnerat), + OS400: Easy character transcoding support (Patrick Monnerat), + OS400: iconv functions compatibility wrappers and table builder. (Patrick Monnerat), + OS400: create architecture directory. Implement dlfcn emulation. (Patrick Monnerat), + Fix building when configuring without xpath and xptr (Daniel Veillard), + configure: Add --with-python-install-dir (Jonas Eriksson), + Fix compilation with minimum and xinclude. (Nicolas Le Cam), + Compile out use of xmlValidateNCName() when not available. (Nicolas Le Cam), + Fix compilation with minimum and schematron. (Nicolas Le Cam), + Legacy needs xmlSAX2StartElement() and xmlSAX2EndElement(). (Nicolas Le Cam), + Don't use xmlValidateName() when not available. (Nicolas Le Cam), + Fix a portability issue on Windows (Longstreth Jon), + Various portability patches for OpenVMS (Jacob (Jouk) Jansen), + Use specific macros for portability to OS/400 (Patrick Monnerat), + Add macros needed for OS/400 portability (Patrick Monnerat), + Portability patch for fopen on OS/400 (Patrick Monnerat), + Portability fixes for OS/400 (Patrick Monnerat), + Improve va_list portability (Patrick Monnerat), + Portability fix (Patrick Monnerat), + Portability fix (Patrick Monnerat), + Generic portability fix (Patrick Monnerat), + Shortening lines in headers (Patrick Monnerat), + build: Use pkg-config to find liblzma in preference to AC_CHECK_LIB (Philip Withnall), + build: Add @LZMA_LIBS@ to libxml’s pkg-config files (Philip Withnall), + fix some tabs mixing incompatible with python3 (Daniel Veillard), + add additional defines checks for support "./configure --with-minimum" (Denis Pauk), + Another round of fixes for older versions of Python (Arfrever Frehtes Taifersar Arahesis), + python: fix drv_libxml2.py for python3 compatibility (Alexandre Rostovtsev), + python: Fix compiler warnings when building python3 bindings (Armin K), + Fix for compilation with python 2.6.8 (Petr Sumbera) + + - Improvements: + win32/libxml2.def.src after rebuild in doc (Roumen Petrov), + elfgcchack.h: more legacy needs xmlSAX2StartElement() and xmlSAX2EndElement() (Roumen Petrov), + elfgcchack.h: add xmlXPathNodeEval and xmlXPathSetContextNode (Roumen Petrov), + Provide cmake module (Samuel Martin), + Fix a couple of issues raised by make dist (Daniel Veillard), + Fix and add const qualifiers (Kurt Roeckx), + Preparing for upcoming release of 2.9.2 (Daniel Veillard), + Fix zlib and lzma libraries check via command line (Dmitriy), + wrong error column in structured error when parsing end tag (Juergen Keil), + doc/news.html: small update to avoid line join while generating NEWS. (Patrick Monnerat), + Add methods for python3 iterator (Ron Angeles), + Support element node traversal in document fragments. (Kyle VanderBeek), + xmlNodeSetName: Allow setting the name to a substring of the currently set name (Tristan Van Berkom), + Added macros for argument casts (Eric Zurcher), + adding init calls to xml and html Read parsing entry points (Daniel Veillard), + Get rid of 'REPLACEMENT CHARACTER' Unicode chars in xmlschemas.c (Jan Pokorný), + Implement choice for name classes on attributes (Shaun McCance), + Two small namespace tweaks (Daniel Veillard), + xmllint --memory should fail on empty files (Daniel Veillard), + Cast encoding name to char pointer to match arg type (Nikolay Sivov) + + - Cleanups: + Removal of old configure.in (Daniel Veillard), + Unreachable code in tree.c (Gaurav Gupta), + Remove a couple of dead conditions (Gaurav Gupta), + Avoid some dead code and cleanup in relaxng.c (Gaurav), + Drop not needed checks (Denis Pauk), + Fix a wrong test (Daniel Veillard) + + + +2.9.1: Apr 19 2013: + - Features: + Support for Python3 (Daniel Veillard), + Add xmlXPathSetContextNode and xmlXPathNodeEval (Alex Bligh) + + - Documentation: + Add documentation for xmllint --xpath (Daniel Veillard), + Fix the URL of the SAX documentation from James (Daniel Veillard), + Fix spelling of "length". (Michael Wood) + + - Portability: + Fix python bindings with versions older than 2.7 (Daniel Veillard), + rebuild docs:Makefile.am (Roumen Petrov), + elfgcchack.h after rebuild in doc (Roumen Petrov), + elfgcchack for buf module (Roumen Petrov), + Fix a uneeded and wrong extra link parameter (Daniel Veillard), + Few cleanup patches for Windows (Denis Pauk), + Fix rpmbuild --nocheck (Mark Salter), + Fix for win32/configure.js and WITH_THREAD_ALLOC (Daniel Richard), + Fix Broken multi-arch support in xml2-config (Daniel Veillard), + Fix a portability issue for GCC < 3.4.0 (Daniel Veillard), + Windows build fixes (Daniel Richard), + Fix a thread portability problem (Friedrich Haubensak), + Downgrade autoconf requirement to 2.63 (Daniel Veillard) + + - Bug Fixes: + Fix a linking error for python bindings (Daniel Veillard), + Fix a couple of return without value (Jüri Aedla), + Improve the hashing functions (Daniel Franke), + Improve handling of xmlStopParser() (Daniel Veillard), + Remove risk of lockup in dictionary initialization (Daniel Veillard), + Activate detection of encoding in external subset (Daniel Veillard), + Fix an output buffer flushing conversion bug (Mikhail Titov), + Fix an old bug in xmlSchemaValidateOneElement (Csaba László), + Fix configure cannot remove messages (Gilles Espinasse), + fix schema validation in combination with xsi:nil (Daniel Veillard), + xmlCtxtReadFile doesn't work with literal IPv6 URLs (Steve Wolf), + Fix a few problems with setEntityLoader (Alexey Neyman), + Detect excessive entities expansion upon replacement (Daniel Veillard), + Fix the flushing out of raw buffers on encoding conversions (Daniel, +Veillard), + Fix some buffer conversion issues (Daniel Veillard), + When calling xmlNodeDump make sure we grow the buffer quickly (Daniel, +Veillard), + Fix an error in the progressive DTD parsing code (Dan Winship), + xmllint should not load DTD by default when using the reader (Daniel, +Veillard), + Try IBM-037 when looking for EBCDIC handlers (Petr Sumbera), + Fix potential out of bound access (Daniel Veillard), + Fix large parse of file from memory (Daniel Veillard), + Fix a bug in the nsclean option of the parser (Daniel Veillard), + Fix a regression in 2.9.0 breaking validation while streaming (Daniel, +Veillard), + Remove potential calls to exit() (Daniel Veillard) + + - Improvements: + Regenerated API, and testapi, rebuild documentation (Daniel Veillard), + Fix tree iterators broken by 2to3 script (Daniel Veillard), + update all tests for Python3 and Python2 (Daniel Veillard), + A few more fixes for python 3 affecting libxml2.py (Daniel Veillard), + Fix compilation on Python3 (Daniel Veillard), + Converting apibuild.py to python3 (Daniel Veillard), + First pass at starting porting to python3 (Daniel Veillard), + updated configure.in for python3 (Daniel Veillard), + Add support for xpathRegisterVariable in Python (Shaun McCance), + Added a regression tests from bug 694228 data (Daniel Veillard), + Cache presence of '<' in entities content (Daniel Veillard), + Avoid extra processing on entities (Daniel Veillard), + Python binding for xmlRegisterInputCallback (Alexey Neyman), + Python bindings: DOM casts everything to xmlNode (Alexey Neyman), + Define LIBXML_THREAD_ALLOC_ENABLED via xmlversion.h (Tim Starling), + Adding streaming validation to runtest checks (Daniel Veillard), + Add a --pushsmall option to xmllint (Daniel Veillard) + + - Cleanups: + Switched comment in file to UTF-8 encoding (Daniel Veillard), + Extend gitignore (Daniel Veillard), + Silent the new python test on input (Alexey Neyman), + Cleanup of a duplicate test (Daniel Veillard), + Cleanup on duplicate test expressions (Daniel Veillard), + Fix compiler warning after 153cf15905cf4ec080612ada6703757d10caba1e (Patrick, +Gansterer), + Spec cleanups and a fix for multiarch support (Daniel Veillard), + Silence a clang warning (Daniel Veillard), + Cleanup the Copyright to be pure MIT Licence wording (Daniel Veillard), + rand_seed should be static in dict.c (Wouter Van Rooy), + Fix typos in parser comments (Jan Pokorný) + + + +2.9.0: Sep 11 2012: + - Features: + A few new API entry points, + More resilient push parser mode, + A lot of portability improvement, + Faster XPath evaluation + + - Documentation: + xml2-config.1 markup error (Christian Weisgerber), + libxml(3) manpage typo fix (John Bradshaw), + More cleanups to the documentation part of libxml2 (Daniel Richard G) + + - Portability: + Bug 676544 - fails to build with --without-sax1 (Akira TAGOH), + fix builds not having stdint.h (Rob Richards), + GetProcAddressA is available only on WinCE (Daniel Veillard), + More updates and cleanups on autotools and Makefiles (Daniel Richard G), + More changes for Win32 compilation (Eric Zurcher), + Basic changes for Win32 builds of release 2.9.0: compile buf.c (Eric Zurcher), + Bundles all generated files for python into the distribution (Daniel Richard G), + Fix compiler warnings of wincecompat.c (Patrick Gansterer), + Fix non __GNUC__ build (Patrick Gansterer), + Fix windows unicode build (Patrick Gansterer), + clean redefinition of {v}snprintf in C-source (Roumen Petrov), + use xmlBuf... if DEBUG_INPUT is defined (Roumen Petrov), + fix runtests to use pthreads support for various Unix platforms (Daniel Richard G), + Various "make distcheck" and portability fixups 2nd part (Daniel Richard G), + Various "make distcheck" and portability fixups (Daniel Richard G), + Fix compilation on older Visual Studio (Daniel Veillard) + + - Bug Fixes: + Change the XPath code to percolate allocation errors (Daniel Veillard), + Fix reuse of xmlInitParser (Daniel Veillard), + Fix potential crash on entities errors (Daniel Veillard), + initialize var (Rob Richards), + Fix the XPath arity check to also check the XPath stack limits (Daniel Veillard), + Fix problem with specific and generic error handlers (Pietro Cerutti), + Avoid a potential infinite recursion (Daniel Veillard), + Fix an XSD error when generating internal automata (Daniel Veillard), + Patch for xinclude of text using multibyte characters (Vitaly Ostanin), + Fix a segfault on XSD validation on pattern error (Daniel Veillard), + Fix missing xmlsave.h module which was ignored in recent builds (Daniel Veillard), + Add a missing element check (Daniel Veillard), + Adding various checks on node type though the API (Daniel Veillard), + Namespace nodes can't be unlinked with xmlUnlinkNode (Daniel Veillard), + Fix make dist to include new private header files (Daniel Veillard), + More fixups on the push parser behaviour (Daniel Veillard), + Strengthen behaviour of the push parser in problematic situations (Daniel Veillard), + Enforce XML_PARSER_EOF state handling through the parser (Daniel Veillard), + Fixup limits parser (Daniel Veillard), + Do not fetch external parsed entities (Daniel Veillard), + Fix an error in previous commit (Aron Xu), + Fix entities local buffers size problems (Daniel Veillard), + Fix parser local buffers size problems (Daniel Veillard), + Fix a failure to report xmlreader parsing failures (Daniel Veillard) + + - Improvements: + Keep libxml2.syms when running "make distclean" (Daniel Veillard), + Allow to set the quoting character of an xmlWriter (Csaba Raduly), + Keep non-significant blanks node in HTML parser (Daniel Veillard), + Add a forbidden variable error number and message to XPath (Daniel Veillard), + Support long path names on WNT (Michael Stahl), + Improve HTML escaping of attribute on output (Daniel Veillard), + Handle ICU_LIBS as LIBADD, not LDFLAGS to prevent linking errors (Arfrever Frehtes Taifersar Arahesis), + Switching XPath node sorting to Timsort (Vojtech Fried), + Optimizing '//' in XPath expressions (Nick Wellnhofer), + Expose xmlBufShrink in the public tree API (Daniel Veillard), + Visible HTML elements close the head tag (Conrad Irwin), + Fix file and line report for XSD SAX and reader streaming validation (Daniel Veillard), + Fix const qualifyer to definition of xmlBufferDetach (Daniel Veillard), + minimize use of HAVE_CONFIG_H (Roumen Petrov), + fixup regression in Various "make distcheck" and portability fixups (Roumen Petrov), + Add support for big line numbers in error reporting (Daniel Veillard), + Avoid using xmlBuffer for serialization (Daniel Veillard), + Improve compatibility between xmlBuf and xmlBuffer (Daniel Veillard), + Provide new accessors for xmlOutputBuffer (Daniel Veillard), + Improvements for old buffer compatibility (Daniel Veillard), + Expand the limit test program (Daniel Veillard), + Improve error reporting on parser errors (Daniel Veillard), + Implement some default limits in the XPath module (Daniel Veillard), + Introduce some default parser limits (Daniel Veillard), + Cleanups and new limit APIs for dictionaries (Daniel Veillard), + Fixup for buf.c (Daniel Veillard), + Cleanup URI module memory allocation code (Daniel Veillard), + Extend testlimits (Daniel Veillard), + More avoid quadratic behaviour (Daniel Veillard), + Impose a reasonable limit on PI size (Daniel Veillard), + first version of testlimits new test (Daniel Veillard), + Avoid quadratic behaviour in some push parsing cases (Daniel Veillard), + Impose a reasonable limit on comment size (Daniel Veillard), + Impose a reasonable limit on attribute size (Daniel Veillard), + Harden the buffer code and make it more compatible (Daniel Veillard), + More cleanups for input/buffers code (Daniel Veillard), + Cleanup function xmlBufResetInput(), to set input from Buffer (Daniel Veillard) + Switch the test program for characters to new input buffers (Daniel Veillard), + Convert the HTML tree module to the new buffers (Daniel Veillard), + Convert of the HTML parser to new input buffers (Daniel Veillard), + Convert the writer to new output buffer and save APIs (Daniel Veillard), + Convert XMLReader to the new input buffers (Daniel Veillard), + New saving functions using xmlBuf and conversion (Daniel Veillard), + Provide new xmlBuf based saving functions (Daniel Veillard), + Convert XInclude to the new input buffers (Daniel Veillard), + Convert catalog code to the new input buffers (Daniel Veillard), + Convert C14N to the new Input buffer (Daniel Veillard), + Convert xmlIO.c to the new input and output buffers (Daniel Veillard), + Convert XML parser to the new input buffers (Daniel Veillard), + Incompatible change to the Input and Output buffers (Daniel Veillard), + Adding new encoding function to deal with the new structures (Daniel Veillard), + Convert XPath to xmlBuf (Daniel Veillard), + Adding a new buf module for buffers (Daniel Veillard), + Memory error within SAX2 reuse common framework (Daniel Veillard), + Fix xmllint --xpath node initialization (Daniel Veillard) + + - Cleanups: + Various cleanups to avoid compiler warnings (Daniel Veillard), + Big space and tab cleanup (Daniel Veillard), + Followup to LibXML2 docs/examples cleanup patch (Daniel Veillard), + Second round of cleanups for LibXML2 docs/examples (Daniel Richard), + Remove all .cvsignore as they are not used anymore (Daniel Veillard), + Fix a Timsort function helper comment (Daniel Veillard), + Small cleanup for valgrind target (Daniel Veillard), + Patch for portability of latin characters in C files (Daniel Veillard), + Cleanup some of the parser code (Daniel Veillard), + Fix a variable name in comment (Daniel Veillard), + Regenerated testapi.c (Daniel Veillard), + Regenerating docs and API files (Daniel Veillard), + Small cleanup of unused variables in test (Daniel Veillard), + Expand .gitignore with more files (Daniel Veillard) + + + +2.8.0: May 23 2012: + - Features: + add lzma compression support (Anders F Bjorklund) + + - Documentation: + xmlcatalog: Add uri and delegateURI to possible add types in man page. (Ville Skyttä), + Update README.tests (Daniel Veillard), + URI handling code is not OOM resilient (Daniel Veillard), + Fix an error in comment (Daniel Veillard), + Fixed bug #617016 (Daniel Mustieles), + Fixed two typos in the README document (Daniel Neel), + add generated html files (Anders F Bjorklund), + Clarify the need to use xmlFreeNode after xmlUnlinkNode (Daniel Veillard), + Improve documentation a bit (Daniel Veillard), + Updated URL for lxml python bindings (Daniel Veillard) + + - Portability: + Restore code for Windows compilation (Daniel Veillard), + Remove git error message during configure (Christian Dywan), + xmllint: Build fix for endTimer if !defined(HAVE_GETTIMEOFDAY) (Patrick R. Gansterer), + remove a bashism in confgure.in (John Hein), + undef ERROR if already defined (Patrick R. Gansterer), + Fix library problems with mingw-w64 (Michael Cronenworth), + fix windows build. ifdef addition from bug 666491 makes no sense (Rob Richards), + prefer native threads on win32 (Sam Thursfield), + Allow to compile with Visual Studio 2010 (Thomas Lemm), + Fix mingw's snprintf configure check (Andoni Morales), + fixed a 64bit big endian issue (Marcus Meissner), + Fix portability failure if netdb.h lacks NO_ADDRESS (Daniel Veillard), + Fix windows build from lzma addition (Rob Richards), + autogen: Only check for libtoolize (Colin Walters), + Fix the Windows build files (Patrick von Reth), + 634846 Remove a linking option breaking Windows VC10 (Daniel Veillard), + 599241 fix an initialization problem on Win64 (Andrew W. Nosenko), + fix win build (Rob Richards) + + - Bug fixes: + Part for rand_r checking missing (Daniel Veillard), + Cleanup on randomization (Daniel Veillard), + Fix undefined reference in python module (Pacho Ramos), + Fix a race in xmlNewInputStream (Daniel Veillard), + Fix weird streaming RelaxNG errors (Noam), + Fix various bugs in new code raised by the API checking (Daniel Veillard), + Fix various problems with "make dist" (Daniel Veillard), + Fix a memory leak in the xzlib code (Daniel Veillard), + HTML parser error with